Re: [webmin-l] Unusual Error

[Jamie C. <jca...@we...>]

On 8/Sep/2006 15:07 Terry Allen wrote ..
> Hi again,
> 	In the Webmin logs, I spotted a couple of these attempts earlier today:
> 
> [20/Aug/2006:20:44:55 +1000] [66.160.144.222] 
> /unauthenticated//..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/etc/shadow
> : File not found
> 
> [20/Aug/2006:20:44:58 +1000] [66.160.144.222] 
> /unauthenticated/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
//etc/passwd
> : File not found
> 
> 	Now the log quite clearly states that the file wasn't found, 
> but not having seen these before, I wonder is there anything I need 
> to nail down or what they are trying to achieve apart from trying to 
> get at the /etc files?

Just make sure you are running Webmin 1.290 or later. If you had an
older version, this attack may have managed to read your /etc/shadow
file (in which case it wouldn't have reported 'file not found').

 - Jamie