JoeHill joehill-rieW9WUcm8FFJ04o6PK0Fg at public.gmane.org
Fri Dec 12 12:29:09 UTC 2003

On Fri, 12 Dec 2003 07:21:15 -0500
GDHough <mr6re9-mI4xJ4qlgtBiLUuM0BA3LQ at public.gmane.org> wrote:

> Jan 19 will be my Apache's one year birthday. In that time I've learned much 
> about running a webserver on Linux. One thing I've seen many times over are 
> GET's for /sumthin/. I don't GET it? Why /sumthin/ and not just /? Is this a 
> way to grab banners, 404's?
> Does anyone ever put something in /sumthin/?

I was curious myself, so I did a little google.ca/linux and lo and behold:

"This looks to be a banner grabbing attempt on your webservers.  Alot of
scanners/worms will do this in an attempt to find out what type of web server
you are running and compare it against a list of vulnerable servers for some
particular exploit.  The `"/sumthin" is placed within the GET command to
trigger a 404 error, which in turn reveals valuable information about your
server back the requestor.  If the information returned by your server is
useful to the scanner/worm you may see other exploits in the near future
targeted towards your box."

JoeHill ++ ICQ # 280779813
Registered Linux user #282046
Homepage: www.orderinchaos.org
"Behind every great fortune is a crime."
-- Balzac
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

More information about the Legacy mailing list