My webmin server is down "Hacked or not?"

#1 Tue, 10/06/2009 - 13:41

Today my Virtualmin & Webmin server (miniserv) is down.

Here are the contents of the line that brought down the server : - - [06/Oct/2009:11:12:06 +0200] "POST /unauthenticated//..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01 /..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%0 1/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..% 01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/.. %01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/etc/shells HTTP/1.1" 404 32

Question: Is this an attack? Is this a known crack? Could the server be compromised? How do I locate a possible compromise of the server?

Thank you for your help. G.G.F.

Tue, 10/06/2009 - 13:46

Is it an attack? Sure!

But attacks happen all the time; the key is just to make sure your software is all up to date.

The attack was both automated and unsuccessful.

The "404" mark at the end of all that says that the server said the requested URL was unavailable, which is what it should do.

If Virtualmin isn't running, it's not likely related to what you posted above. I'd try restarting it, and determining what error messages you see while performing the restart.


Tue, 10/06/2009 - 13:59

Webmin restarted without any problem. But I want to be sure the server is not compromised. What I cannot explain is why Webmin went down after the HTTP request.
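
A log triage sketch for the kind of request quoted in the first post, added here as an example and not part of the thread or of Webmin: it decodes each request path, strips control bytes such as `%01`, and reports whether a `..` traversal was answered with an error (like the 404 above) or with a response that needs review. The sample lines, the addresses and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line and status of a Common Log Format style entry.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>.+) HTTP/[\d.]+" (?P<status>\d{3})\b')

def normalise(path, rounds=3):
    """Return the path as a server might see it after decoding."""
    path = re.sub(r'\s+', '', path)          # tolerate line-wrap spaces in pasted logs
    for _ in range(rounds):                  # undo nested percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return re.sub(r'[\x00-\x1f\x7f]', '', path)   # drop control bytes such as %01

def traversal_target(path):
    """Return the file path following the last '..' segment, or None."""
    segs = re.split(r'[/\\]+', normalise(path))
    if '..' not in segs:
        return None
    last = len(segs) - 1 - segs[::-1].index('..')
    return '/' + '/'.join(segs[last + 1:])

def triage(lines):
    """List (line number, status, verdict, target) for traversal requests."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        target = traversal_target(m['path']) if m else None
        if target is None:
            continue
        status = int(m['status'])
        # 4xx/5xx: the server refused the request; 2xx/3xx: inspect what was returned.
        verdict = 'rejected' if status >= 400 else 'review'
        findings.append((n, status, verdict, target))
    return findings

# Constructed sample log lines (documentation addresses, shortened paths).
SAMPLE = [
    '192.0.2.10 - - [06/Oct/2009:11:12:06 +0200] "POST /unauthenticated//..%01/..%01/..%01/etc/shells HTTP/1.1" 404 32',
    '192.0.2.10 - - [06/Oct/2009:11:12:07 +0200] "POST /unauthenticated//..%01/..%0 1/..% 01/etc/shells HTTP/1.1" 200 118',
    '192.0.2.20 - admin [06/Oct/2009:11:13:00 +0200] "GET /session_login.cgi HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Any line reported as `review` deserves a look at the response size and at which file was requested; `rejected` lines match the outcome described in the reply above.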

