Someone testing for CGI?
Hi all,
Really quick query for you I'd imagine. I've started seeing the occasional cgi error appearing in my error log on the vps, such as the following:
I don't have any cgi scripts and have disabled them as far as I know. The only user on the vps is for my employers website and is managed by me (so no external users). The error above looks as if someone is attempting to use a cgi script on the vps, but is failing due to the fact its not enabled. Is it something to worry about? Would someone have to have already gained access to the vps to be able to even attempt the above?
[Sun Jan 17 13:25:19.808822 2016] [cgi:error] [pid 7648] [client 191.236.119.223:1129] AH01215: (13)Permission denied: exec of '/usr/local/apache/cgi-bin/test-cgi' failed: /usr/local/apache/cgi-bin/test-cgi
[Sun Jan 17 13:25:19.809020 2016] [cgi:error] [pid 7648] [client 191.236.119.223:1129] End of script output before headers: test-cgi
[Thu Jan 14 17:20:53.060766 2016] [cgi:error] [pid 15159] [client 76.245.202.19:56494] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php4
[Thu Jan 14 17:20:53.320570 2016] [cgi:error] [pid 14712] [client 76.245.202.19:56502] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php5
[Thu Jan 14 17:20:54.117204 2016] [cgi:error] [pid 15225] [client 76.245.202.19:56535] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php
[Thu Jan 14 17:20:54.397840 2016] [cgi:error] [pid 16299] [client 76.245.202.19:56544] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php5-cli
[Thu Jan 14 17:20:55.217138 2016] [cgi:error] [pid 15329] [client 76.245.202.19:56582] AH02811: script not found or unable to stat: /usr/local/cpanel/cgi-sys/php5
[Thu Jan 14 17:20:55.477713 2016] [cgi:error] [pid 15146] [client 76.245.202.19:56592] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php.fcgi
[Thu Jan 14 17:20:55.734498 2016] [cgi:error] [pid 16404] [client 76.245.202.19:56605] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/index.cgiI don't have any cgi scripts and have disabled them as far as I know. The only user on the vps is for my employers website and is managed by me (so no external users). The error above looks as if someone is attempting to use a cgi script on the vps, but is failing due to the fact its not enabled. Is it something to worry about? Would someone have to have already gained access to the vps to be able to even attempt the above?
-
Hello :) You can block the individual IP addresses in your firewall. I suggest installing a firewall management utility such as CSF if you have not already done so. The requests on their own are not harmful, but rather indicate an access attempt from a person or script that's likely checking for vulnerabilities. Thank you. 0 -
It is likely someone scanning for the old shellshock exploit (which has been patched for some time) but you would need the apache access logs from around that same time to verify. 0
Please sign in to leave a comment.
Comments
2 comments