3

In the list of 404 errors on my web server I keep finding attempted accesses to /admin/Y-ivrrecording.php, /admin/cdr/counter.txt, /modules/extensions_batch/libs/download_csv.php or /c0nfig(!). I suspect that these are attempts to find a vulnerability in my setup.

Can anybody tell me, what they are trying to find? I can't make sense of any of these paths.

jammon
  • 133
  • 1
  • 3

2 Answers2

3

Yes, this is the usual background noise you will see in your logs.
They are trying out vulnerabilities on a large amount of servers and hope one doesn't reply with a 404.
These specific ones seem to be for a project called FreePBX (search for the second filename) and Elastix (http://sysadminman.net/blog/2011/elastix-1-5-and-1-6-security-vulnerability-2086).

Not sure about the /c0nfig - with that one they might want to provoke a 404, as this usually also gives them the webserver and/or version of the webserver you are using.

faker
  • 17,326
  • 2
  • 60
  • 69
  • 2
    Once upon a time I had rules to detect quieries like this and respond with offensive ASCII pages or redirect to other rude things. Granted, that's not especially wise as it could provoke unwanted attention. I *believe* all you want to do here is keep watching your logs, keep your software packages updated & run backups regularly. That's about all you can do - ohh and write "secure" web applications, as best you can. No? – James T Snell Jun 24 '11 at 15:59
  • 1
    :-)) Of course, *my* wep app is secure ... – jammon Jun 24 '11 at 16:01
0

I have found exactly the same attempts (all the listed above)in my server stats, they have been tried more than 5 times. However by a search on them I have found that malevolent people are trying to use them to detect security leaks in servers and find a way to hack systems. So keep an eye on them and secure your applications. I am still asking myself if the same people came to your website and mine!

mushavim
  • 1