You may have seen my other posts about a server slowing down over time. I am starting this new thread because I wonder if it is being attacked. I turned on server logs to see if there are errors causing the slowdown. In the xbasic log, I see a LOT of errors like this:
In the server error log, I see this, over and over and over again .
That all looks like random attacks to me.
But the system doesn't record IP addresses - otherwise I would block the addresses I see.
I am not a security guru. Can someone help me mitigate this?
WARNING:A query parameter, form variable, or cookie name could not be used as an Xbasic variable and had to be renamed.
Original name:4242
New name: _4242_
Request Method: GET
Request: /cgi-bin/gotopage.cgi?4242+../../../../../../../../../../../../../etc/passwd
WARNING:A query parameter, form variable, or cookie name could not be used as an Xbasic variable and had to be renamed.
Original name:4242
New name: _4242_
Request Method: GET
Request: /cgi-bin/gotopage.cgi?4242+../../../../../../../../../../../../../etc/passwd
WARNING:A query parameter, form variable, or cookie name could not be used as an Xbasic variable and had to be renamed.
Original name:4242
Original name:4242
New name: _4242_
Request Method: GET
Request: /cgi-bin/gotopage.cgi?4242+../../../../../../../../../../../../../etc/passwd
WARNING:A query parameter, form variable, or cookie name could not be used as an Xbasic variable and had to be renamed.
Original name:4242
New name: _4242_
Request Method: GET
Request: /cgi-bin/gotopage.cgi?4242+../../../../../../../../../../../../../etc/passwd
WARNING:A query parameter, form variable, or cookie name could not be used as an Xbasic variable and had to be renamed.
Original name:4242
[Mon Jan 14 02:10:10 2019] [error] (Not Found: C:\a5v12\A5Webroot\favicon.iso) The requested URL /favicon.iso was not found on this server.
[Mon Jan 14 02:10:43 2019] [error] (Not Found: C:\a5v12\A5Webroot\password) The requested URL /password was not found on this server.
[Mon Jan 14 02:10:43 2019] [error] (Not Found: C:\a5v12\A5Webroot\robots.txt) The requested URL /robots.txt was not found on this server.
[Mon Jan 14 02:10:44 2019] [error] (Not Found: C:\a5v12\A5Webroot\CVS\Entries) The requested URL /CVS/Entries was not found on this server.
[Mon Jan 14 02:10:44 2019] [error] (Not Found: C:\a5v12\A5Webroot\NonExistant892022028\) The requested URL /NonExistant892022028/ was not found on this server.
[Mon Jan 14 02:10:43 2019] [error] (Not Found: C:\a5v12\A5Webroot\password) The requested URL /password was not found on this server.
[Mon Jan 14 02:10:43 2019] [error] (Not Found: C:\a5v12\A5Webroot\robots.txt) The requested URL /robots.txt was not found on this server.
[Mon Jan 14 02:10:44 2019] [error] (Not Found: C:\a5v12\A5Webroot\CVS\Entries) The requested URL /CVS/Entries was not found on this server.
[Mon Jan 14 02:10:44 2019] [error] (Not Found: C:\a5v12\A5Webroot\NonExistant892022028\) The requested URL /NonExistant892022028/ was not found on this server.
That all looks like random attacks to me.
But the system doesn't record IP addresses - otherwise I would block the addresses I see.
I am not a security guru. Can someone help me mitigate this?
Comment