Re: [webmin-l] Unusual Error

[Terry A. <hm...@oz...>]

>On 8/Sep/2006 15:07 Terry Allen wrote ..
>>  Hi again,
>>	In the Webmin logs, I spotted a couple of these attempts earlier today:
>>
>>  [20/Aug/2006:20:44:55 +1000] [66.160.144.222]
>> 
>>/unauthenticated//..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/etc/shadow
>>  : File not found
>>
>>  [20/Aug/2006:20:44:58 +1000] [66.160.144.222]
>> 
>>/unauthenticated/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
//etc/passwd
>>  : File not found
>>
>>	Now the log quite clearly states that the file wasn't found,
>>  but not having seen these before, I wonder is there anything I need
>>  to nail down or what they are trying to achieve apart from trying to
>>  get at the /etc files?
>
>Just make sure you are running Webmin 1.290 or later. If you had an
>older version, this attack may have managed to read your /etc/shadow
>file (in which case it wouldn't have reported 'file not found').
>
>  - Jamie
>
Hi again,
	Indeed, I am running 1.290. Quite a bizarre line.
-- 

	Bye for now, Terry Allen 
	___________________________________________________________________
hEARd

Postal Address:
	hEARd, 26B Glenning Rd,	Glenning Valley, NSW 2261, Australia
Internet -
	WWW: http://heard.com.au http://itavservices.com
EMAIL: hm...@oz...
Phone: Australia - 02 4388 1400 / International - + 61 2 43881400
Mobile: Australia - 04 28881400 / International - 61 4 28881400
-----------------------------------------------
Non profit promotion for new music - since 1994
-----------------------------------------------