joehill-rieW9WUcm8FFJ04o6PK0Fg at public.gmane.org
Fri Dec 12 12:29:09 UTC 2003
On Fri, 12 Dec 2003 07:21:15 -0500
GDHough <mr6re9-mI4xJ4qlgtBiLUuM0BA3LQ at public.gmane.org> wrote:
> Jan 19 will be my Apache's one year birthday. In that time I've learned much
> about running a webserver on Linux. One thing I've seen many times over are
> GET's for /sumthin/. I don't GET it? Why /sumthin/ and not just /? Is this a
> way to grab banners, 404's?
> Does anyone ever put something in /sumthin/?
I was curious myself, so I did a little google.ca/linux and lo and behold:
"This looks to be a banner grabbing attempt on your webservers. Alot of
scanners/worms will do this in an attempt to find out what type of web server
you are running and compare it against a list of vulnerable servers for some
particular exploit. The `"/sumthin" is placed within the GET command to
trigger a 404 error, which in turn reveals valuable information about your
server back the requestor. If the information returned by your server is
useful to the scanner/worm you may see other exploits in the near future
targeted towards your box."
JoeHill ++ ICQ # 280779813
Registered Linux user #282046
"Behind every great fortune is a crime."
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy