I have just recently looked at my error log and noticed a new error that I have not seen before whilst building my website, and am wondering what causes it so I can solve the issue. Could someone explain what it is trying to tell me in simple terms:

 

client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:

 

What does it mean?

When you send a request to a server, if that request has an error in it the server replies with a message like

 

"Unknown packet" -- Unix OS

or

"unable to resolved" Windows OS

etc etc

 

Now, just say you wanted to find out what software/server/OS a machine was running, but the tech guy turned off the welcome messages, identifiers, etc. This means you don't know what types of vulnerabilities to look for.

 

But if you send a malformed packet and you got back

"unable to resolved", oow, that's a Windows message, thus that machine is running Windows.

The same idea applies with requests to Apache or IIS etc.; these are used as fingerprints to find out what's running.

 

Now someone could connect to your host and, using fingerprint scans, could find out everything you're running (maybe down to the version number, mostly major numbers).

Now that they have all this info about your server, they can look for vulnerabilities within that software.

So just say they found you're using XYZ-FTP and they found a vulnerability in it, and you don't have the latest updates/patches: they could get into your files without your password no matter what you do. It in fact could be a higher level of access than you have (depending on what you have). You can't stop this via PHP; this is higher up the chain.

 

Just make sure you have all the updates in place and you should be okay (probably muhahahah)

Sounds like I'm almost helpless from it other than hopefully having reliable security software in place.

 

I'm still getting errors like this:

 

File does not exist: /usr/local/apache/htdocs/sumthin

File does not exist: /usr/local/apache/htdocs/webmail

File does not exist: /usr/local/apache/htdocs/mail

File does not exist: /usr/local/apache/htdocs/roundcube

File does not exist: /usr/local/apache/htdocs/roundcube

Invalid method in request \x16\x03

File does not exist: /usr/local/apache/htdocs/501.shtml

 

This was just today... Is that related to it?

 

client 64.15.156.247

client 79.125.59.115

client 61.221.40.45

client 194.72.238.62

 

These are the IPs for the list. Should I worry about these scans? I'm still not sure if I'm safe or not. I have had my host put all my security software on to my server, just wondered if there's anything I can code on to my site and upload to help secure the site more so?

Hmm, it's a wide range. The "\x16\x03" is either something trying to use SSL on your server, which I assume doesn't have SSL on (or they're using the wrong port), or some test.

 

File does not exist: /usr/local/apache/htdocs/webmail

File does not exist: /usr/local/apache/htdocs/mail

File does not exist: /usr/local/apache/htdocs/roundcube

is a check to see if you have webmail there

 

File does not exist: /usr/local/apache/htdocs/501.shtml

is in fact your server redirecting a user's request; you could create that file if you like (just an HTML file with a message, i.e. "501 error").

 

File does not exist: /usr/local/apache/htdocs/sumthin

This, I assume, is used for the fingerprint. It basically doesn't exist, thus this gets an error returned from the server, which contains web server type, version and OS.

 

You can protect against this by adding the following lines to your Apache config (httpd.conf), which will prevent the server from disclosing that information.

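# Send only "Apache" in the Server response header
ServerTokens Prod
# Omit the server version footer from server-generated pages
ServerSignature Off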

 

BUT it doesn't stop them all..

 

I will take a chance here and say, from what I have seen, this seems to be an automatic process, and unless your server is out of date you shouldn't need to worry (as it will probably stop by itself). It seems to be testing for some very basic weaknesses (to exploit your server for spamming), but the program or bot that seems to be doing this is either some off-the-shelf software or a generically written bot. It's probably not a cracker after you (if it is, they are not very good).
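Added example, not part of any post in this thread: a short Python triage script that sorts Apache error-log messages of the kinds quoted above into categories and counts them per client, so scanner noise can be told apart from genuinely missing files. The `[date] [error] [client IP]` line layout, the sample lines with their documentation-range addresses, and the rule labels are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed Apache 2.2-style error_log layout: [date] [level] [client IP] message
LINE_RE = re.compile(r"^\[[^\]]+\] \[\w+\] \[client (?P<ip>[^\]]+)\] (?P<msg>.*)$")

# First matching rule wins. Labels are hypothetical names for this example.
RULES = [
    ("w00tw00t-probe", re.compile(r"w00tw00t\.at\.ISC\.SANS", re.I)),
    # 0x16 0x03 = TLS handshake record type + major version, sent to a plain HTTP port
    ("tls-on-plain-http-port", re.compile(r"Invalid method in request \\x16\\x03")),
    ("webmail-probe", re.compile(r"File does not exist: .*/(webmail|mail|roundcube)/?$", re.I)),
    ("missing-error-page", re.compile(r"File does not exist: .*/\d{3}\.shtml$")),
    ("missing-file", re.compile(r"File does not exist: ")),
]

def classify(message):
    """Return the label of the first rule that matches one log message."""
    for label, pattern in RULES:
        if pattern.search(message):
            return label
    return "other"

def summarize(lines):
    """Count message categories per client IP; unparseable lines are skipped."""
    per_client = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            per_client[m.group("ip")][classify(m.group("msg"))] += 1
    return {ip: dict(counts) for ip, counts in per_client.items()}

# Constructed sample: message texts follow the thread, dates and IPs are made up.
SAMPLE_LOG = r"""
[Sat May 30 10:15:01 2009] [error] [client 192.0.2.10] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:
[Sat May 30 10:15:02 2009] [error] [client 192.0.2.10] File does not exist: /usr/local/apache/htdocs/sumthin
[Sat May 30 11:02:40 2009] [error] [client 198.51.100.7] File does not exist: /usr/local/apache/htdocs/webmail
[Sat May 30 11:02:41 2009] [error] [client 198.51.100.7] File does not exist: /usr/local/apache/htdocs/mail
[Sat May 30 11:02:41 2009] [error] [client 198.51.100.7] File does not exist: /usr/local/apache/htdocs/roundcube
[Sat May 30 11:02:42 2009] [error] [client 198.51.100.7] File does not exist: /usr/local/apache/htdocs/roundcube
[Sat May 30 12:30:09 2009] [error] [client 203.0.113.5] Invalid method in request \x16\x03
[Sat May 30 12:30:09 2009] [error] [client 203.0.113.5] File does not exist: /usr/local/apache/htdocs/501.shtml
""".strip().splitlines()

if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE_LOG).items():
        print(ip, counts)
```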

Thank you for the information MadTechnie

 

Just wondered also where httpd.conf is, as I don't have one in my main root directory, which I'm assuming is where it is. If I don't have one, does that mean I should have had one?

 

With regards to SSL, is that someone trying to access my server via an FTP program?