HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=25)
-   -   script '/usr/local/ispconfig/interface/web/login_up.php3' not found or unable to stat (http://www.howtoforge.com/forums/showthread.php?t=59026)

cbj4074 9th October 2012 22:20

script '/usr/local/ispconfig/interface/web/login_up.php3' not found or unable to stat
 
Hi, everyone,

I've been seeing the following types of entries in /var/log/apache2/error.log, at a rate of 10 entries per second:

Code:

[Tue Oct 09 05:53:11 2012] [error] [client XXX.XXX.XXX.XXX] script '/usr/local/ispconfig/interface/web/login_up.php3' not found or unable to stat
What might the user-agent be doing (or attempting to do) that would cause such a message to be logged?

In particular, I'm curious as to why the logged message references a file-system path, as opposed to a URL. This seems to indicate that the user-agent is targeting a specific PHP script that attempts to load a different PHP script from the file-system.

till 10th October 2012 09:17

Did you had plesk installed on that server before as there is a script with that name in pleask but not in ispconfig:

http://kb.parallels.com/en/1798

so maybe there is a script from plesk or a script developed for plesk installed on the server that searches for this script or an attacker thinks that this is a plesk install. When you access the script by http, the path /usr/local/ispconfig/interface/web/login_up.php3 is the equivalent to /login_up.php3 of the ispconfig controlpanel vhost, so it might be that the script can not identify that its not plesk while searching for the script.

cbj4074 11th October 2012 17:19

Hi, Till, thanks for your response.

Plesk has never been installed on this server, but ISPConfig is configured to use the same port that Plesk uses (8443). This is probably why the probing software thought that the server is running Plesk.

What you say regarding the file path translation makes sense.

It sounds like I can ignore these probes, as they will never be successful if they're looking for Plesk.

Thanks again for the thorough explanation!


All times are GMT +2. The time now is 16:17.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.