by Fred Theilig – Security Onion threw up three alerts this week: "WGET Command Specifying Output in HTTP Headers", "Possible D-Link Router HNAP Protocol Security Bypass Attempt", "D-Link Devices Home Network Administration Protocol Command…"
Category: Apache
A (slightly) Deeper Dive into Weird Apache Logs
By Fred Theilig – @fmtheilig My IDS alerted me to strange behavior (obfuscated Log4j) on my web server, but rather than investigate through Security Onion, I went straight to the logs. Grepping…
Banner Capture for Fun and Profit
On January 30th I saw the single suricata alert “ET SCAN Zmap User-Agent (Inbound)”. This is a low severity alert and the target was my web server. Let’s see what that’s all…
A Whole Lot of Nothings
On August 18th IP address 23.227.202.82 (Tampa, Florida) triggered the suricata alert “ET SCAN MS Terminal Server Traffic on Non-standard Port” on my web server. This is apparently an attempted information leak,…
An Analysis of a Log4Shell Attack
An interesting thing appeared on my Apache log doorstep in late September. What follows is the actual code received from what I am calling a probable Log4Shell exploit. I was hesitant to…