刚刚接手新客户网站的管理工作。操作系统是 Linux。他们在文档根目录下有一个 cgi-bin 目录。
我查看了 error.log 中有关脚本的问题,发现多次尝试访问已废弃的 Perl 脚本。我现在已经删除了整个 cgi-bin 目录。
问题:
在哪里可以找到 Linux VPS 上的 suexec 日志?它不在 /var/log/httpd/suexec_log 中。
假设权限设置正确,攻击者如何获取 cgi-bin 的目录列表?
既然 cgi-bin 已被删除,您对采取进一步行动有什么想法吗?
[Mon Nov 21 01:15:08 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 01:15:08 2011] [error] [client 66.249.68.193] Premature end of script headers: excel.pl
[Mon Nov 21 01:32:30 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 01:32:30 2011] [error] [client 66.249.68.193] Premature end of script headers: forward.pl
[Mon Nov 21 01:49:52 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 01:49:52 2011] [error] [client 66.249.68.193] Premature end of script headers: harvest.pl
[Mon Nov 21 01:58:27 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 01:58:27 2011] [error] [client 66.249.68.193] Premature end of script headers: who.pl
[Mon Nov 21 02:07:14 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 02:07:14 2011] [error] [client 66.249.68.193] Premature end of script headers: thousandwords.pl
[Mon Nov 21 02:17:21 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 02:17:21 2011] [error] [client 66.249.68.193] Premature end of script headers: news.pl
[Mon Nov 21 02:41:58 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 02:41:58 2011] [error] [client 66.249.68.193] Premature end of script headers: environment.pl
[Mon Nov 21 02:52:14 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 02:52:14 2011] [error] [client 66.249.68.193] Premature end of script headers: xpdf.pl
[Mon Nov 21 02:59:20 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 02:59:20 2011] [error] [client 66.249.68.193] Premature end of script headers: mail.pl
[Mon Nov 21 02:59:47 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 02:59:47 2011] [error] [client 66.249.68.193] Premature end of script headers: score.pl
[Mon Nov 21 03:16:42 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 03:16:42 2011] [error] [client 66.249.68.193] Premature end of script headers: pdfextract.pl
[Mon Nov 21 03:16:54 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 03:16:54 2011] [error] [client 66.249.68.193] Premature end of script headers: surveysays.pl
[Mon Nov 21 03:26:22 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 03:26:22 2011] [error] [client 66.249.68.193] Premature end of script headers: surveycookie.pl
[Mon Nov 21 03:51:26 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 03:51:26 2011] [error] [client 66.249.68.193] Premature end of script headers: search.cgi
[Mon Nov 21 04:08:48 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 04:08:48 2011] [error] [client 66.249.68.193] Premature end of script headers: shuffler.pl
[Mon Nov 21 06:37:34 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 06:37:34 2011] [error] [client 66.249.68.193] Premature end of script headers: tickerBN.pl
[Mon Nov 21 06:56:58 2011] [error] [client 66.249.68.193] suexec failure: could not open log file
[Mon Nov 21 06:56:58 2011] [error] [client 66.249.68.193] fopen: Permission denied
[Mon Nov 21 06:56:58 2011] [error] [client 66.249.68.193] Premature end of script headers: weatherFind.pl
[Mon Nov 21 08:14:37 2011] [error] [client 66.249.68.193] suexec failure: could not open log file
[Mon Nov 21 08:14:37 2011] [error] [client 66.249.68.193] fopen: Permission denied
[Mon Nov 21 08:14:37 2011] [error] [client 66.249.68.193] Premature end of script hea
答案1
什么版本的 Linux?尝试 /var/log/apache2/suexec.log,但看起来 suexec (Apache) 没有权限写入日志文件。似乎是在寻找易受攻击的脚本的机器人。