1. Forum
  2. Usenet
  3. COMP.LANG.TCL

  • Re: tclhttpd logs

    From Colin Macleod@21:1/5 to All on Wed Jul 3 19:00:16 2024
    saito <saitology9@gmail.com> posted:

    I wonder if anyone is familiar with tclhttpd log entries and can shed
    some light on this:

    Typically each log entry contains a bunch of attributes including the ip address, a timestamp, the requested url, user agent, http code, etc.
    But I am seeing an increasing number of weird entries where most of that
    info is empty. The lines only include the ip address and the timestamp,
    and the rest is just "- - - - -".

    What does this mean?

    Yes I see this occasionally, got a single one yesterday, none today. I don't know what causes it though.

    --
    Colin Macleod.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Colin Macleod@21:1/5 to All on Thu Jul 4 08:02:49 2024
    saito <saitology9@gmail.com> posted:


    Yeah, it doesn't look kosher. I saw like 10 of them like that one after another. Then I get normal entries from the same source but the
    requests all appear to be hacking attempts containing shell commands
    with rm, cd, wget, or some .php stuff.

    Here's a little thing I hacked up to return something suitable to the script kiddies who persist in probing for php weaknesses etc. :
    http://paste.tclers.tk/5935

    --
    Colin Macleod.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)