Date: Wed, 08 Apr 1998 22:57:56 -0700 From: Studded <Studded@san.rr.com> To: "G.P." <G.P@chatcity.de> Cc: freebsd-questions@FreeBSD.ORG, G.P@yamuna.will.knipp.de Subject: Re: Strange lines in /var/log/messages Message-ID: <352C6364.B76B2E58@san.rr.com> References: <199804090204.EAA26751@yamuna.will.knipp.de>
next in thread | previous in thread | raw e-mail | index | archive | help
G.P. wrote: > > Hi! > Recently I found a line in our /var/log/messages (running 2.2.5) I never saw > before: > Apr 9 00:27:20 <foreign IP> GET ../.. > like > Apr 9 00:27:20 123.45.67.89 GET ../.. Same thing happened to one of my customer's systems. Turns out it's some fifteen year old boy's http exploit that happened to connect to your open syslog port. If you don't need to accept logs from remote sites, kill syslogd and restart it with -s. You can also put that flag in /etc/rc.conf. Doug PS, thanks to those who responded to my previous question on this topic, I got food poisoning over the weekend and am still catching up. -- *** Chief Operations Officer, DALnet IRC network *** *** Proud operator, designer and maintainer of the world's largest *** Internet Relay Chat server. 5,328 clients and still growing. *** Try spider.dal.net on ports 6662-4 (Powered by FreeBSD) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?352C6364.B76B2E58>