On Fri, 12 Dec 2003 07:21:15 -0500 GDHough <mr6re9-mI4xJ4qlgtBiLUuM0BA3LQ at public.gmane.org> wrote:
Jan 19 will be my Apache's one year birthday. In that time I've learned much about running a webserver on Linux. One thing I've seen many times over are GET's for /sumthin/. I don't GET it? Why /sumthin/ and not just /? Is this a way to grab banners, 404's?
Does anyone ever put something in /sumthin/?
I was curious myself, so I did a little google.ca/linux and lo and behold: "This looks to be a banner grabbing attempt on your webservers. Alot of scanners/worms will do this in an attempt to find out what type of web server you are running and compare it against a list of vulnerable servers for some particular exploit. The `"/sumthin" is placed within the GET command to trigger a 404 error, which in turn reveals valuable information about your server back the requestor. If the information returned by your server is useful to the scanner/worm you may see other exploits in the near future targeted towards your box." -- JoeHill ++ ICQ # 280779813 Registered Linux user #282046 Homepage: www.orderinchaos.org +++++++++++++++++++++++++++ "Behind every great fortune is a crime." -- Balzac -- The Toronto Linux Users Group. Meetings: http://tlug.ss.org TLUG requests: Linux topics, No HTML, wrap text below 80 columns How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml