Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: ASL Security Event - Exploit User Agent (MFS)
Unread postPosted: Thu Aug 28, 2008 9:25 pm 
Forum Regular

Joined: Thu Jan 17, 2008 5:48 pm
Posts: 124
What do I make of this? What are they trying to do?

Thanks.


 
 Post subject:
Unread postPosted: Thu Aug 28, 2008 11:58 pm 
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7780
Location: earth
Neat! What's the full message?


 
 Post subject:
Unread postPosted: Fri Aug 29, 2008 12:21 pm 
Forum Regular

Joined: Thu Jan 17, 2008 5:48 pm
Posts: 124
The message was in the ASL GUI. Other than the message itself it just listed the offending IP. Is there a detailed log somewhere so I can post the full message?

Thanks.


 
 Post subject:
Unread postPosted: Fri Aug 29, 2008 2:16 pm 
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7780
Location: earth
Yeah you can check the logs under /var/ossec/logs/, it will keep archives of everything.


 
 Post subject:
Unread postPosted: Fri Aug 29, 2008 2:38 pm 
Forum Regular

Joined: Thu Jan 17, 2008 5:48 pm
Posts: 124
Here it is. Thanks for taking a look. Fortunately, they appear not to have succeeded.


2008 Aug 28 12:20:50 ns1->/var/log/httpd/audit_log
Rule: 50121 (level 7) -> 'Critical alert by Mod Security.'
Src IP: 216.193.205.71
User: (none)
[modsecurity] [client 216.193.205.71] [domain 66.xxx.xx.xxx] [403] [/20080828/20080828-1220/20080828-122048-CNKK60J@CokAAA9KW10AAAAA] [file "/etc/httpd/modsecurity.d/20_asl_useragents.conf"] [line "346"] [id "330094"] [rev "1"] [msg "Exploit User Agent (MFS)"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Pattern match "Morfeus Fucking Scanner" at REQUEST_HEADERS:User-Agent.
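
An added example, not part of the original thread or of ASL's own tooling: a small Python parser that splits the alert posted above into named fields and checks whether ModSecurity denied the request in a request phase (1 or 2), i.e. before the web application handled it. The function names and the output key names are assumptions chosen for this example.

```python
import re

# Alert text copied from the post above (an OSSEC alert wrapping a ModSecurity entry).
SAMPLE_ALERT = (
    "2008 Aug 28 12:20:50 ns1->/var/log/httpd/audit_log\n"
    "Rule: 50121 (level 7) -> 'Critical alert by Mod Security.'\n"
    "Src IP: 216.193.205.71\n"
    "User: (none)\n"
    '[modsecurity] [client 216.193.205.71] [domain 66.xxx.xx.xxx] [403] '
    '[/20080828/20080828-1220/20080828-122048-CNKK60J@CokAAA9KW10AAAAA] '
    '[file "/etc/httpd/modsecurity.d/20_asl_useragents.conf"] [line "346"] '
    '[id "330094"] [rev "1"] [msg "Exploit User Agent (MFS)"] '
    '[severity "CRITICAL"] Access denied with code 403 (phase 2). '
    'Pattern match "Morfeus Fucking Scanner" at REQUEST_HEADERS:User-Agent.\n'
)

HEADER_RE = re.compile(r"^(\d{4} \w{3} +\d{1,2} [\d:]{8}) (\S+?)->(\S+)$", re.M)
RULE_RE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$", re.M)
QUOTED_RE = re.compile(r'\[(\w+) "([^"]*)"\]')           # e.g. [id "330094"]
BARE_RE = re.compile(r"\[(client|domain) ([^\]]+)\]")    # e.g. [client 1.2.3.4]
ACTION_RE = re.compile(r"Access denied with code (\d{3}) \(phase (\d)\)")
MATCH_RE = re.compile(r'Pattern match "(.*)" at ([A-Z_]+(?::[\w-]+)?)\.')


def parse_alert(text):
    """Return the alert's fields as a dict; parts that are missing are left out."""
    out = {}
    if m := HEADER_RE.search(text):
        out.update(timestamp=m[1], host=m[2], logfile=m[3])
    if m := RULE_RE.search(text):
        out.update(ossec_rule=int(m[1]), ossec_level=int(m[2]), ossec_desc=m[3])
    out.update(BARE_RE.findall(text))      # client, domain
    out.update(QUOTED_RE.findall(text))    # file, line, id, rev, msg, severity
    if m := ACTION_RE.search(text):
        out.update(http_status=int(m[1]), phase=int(m[2]))
    if m := MATCH_RE.search(text):
        out.update(pattern=m[1], matched_var=m[2])
    return out


def blocked_before_app(alert):
    """True when the request was denied with an error status in phase 1 or 2."""
    return alert.get("http_status", 0) >= 400 and alert.get("phase") in (1, 2)


if __name__ == "__main__":
    a = parse_alert(SAMPLE_ALERT)
    print(a["client"], a["id"], a["msg"], a["matched_var"], blocked_before_app(a))
```

For this alert the matched variable is the User-Agent request header and the denial happened in phase 2, which is consistent with the poster's reading that the request did not get through.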


 
 Post subject:
Unread postPosted: Fri Aug 29, 2008 3:59 pm 
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7780
Location: earth
Yup, that was an attack all right.


 
 Post subject:
Unread postPosted: Tue Sep 02, 2008 2:22 pm 
Forum Regular

Joined: Thu Jan 17, 2008 5:48 pm
Posts: 124
Nice to see ASL doing its job, great work.

It does strike me, though, that breaking into one's server is akin to breaking into one's house. I could argue that things on my server are just as valuable as things in my house. Seems it should be illegal and offenders should be fined.


 
 Post subject: Re: ASL Security Event - Exploit User Agent (MFS)
Unread postPosted: Mon Feb 27, 2012 7:13 am 
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
AFAIK it is illegal (this might depend on where you live), but that doesn't make it any easier to actually catch the people behind the attacks.

_________________
Lemonbit Internet Dedicated Server Management


 
 Post subject: Re: ASL Security Event - Exploit User Agent (MFS)
Unread postPosted: Mon Feb 27, 2012 10:00 am 
Forum Regular

Joined: Mon Apr 10, 2006 12:55 pm
Posts: 669
Just a general FYI, the IP is US based. Most likely this was a proxy attack using an infected zombie machine. The real culprits are likely in Asia or eastern Europe, where catching them, let alone prosecuting them, will be difficult if not impossible.

_________________
"Its not a mac. I run linux... I'm actually cool." - scott

