Welcome Guest, Not a member yet? Register   Sign In
strange request pathes
#1

Hi, 
First off all I could not find proper title for this question.

I am recording in DB all pathes when user visits page. 
Strange thing is somebody tryied following urls in my website:
1. www.mywebsite.com/root/.ssh/id_dsa
2. www.mywebsite.com/.ssh/id_dsa
3. www.mywebsite.com/root/.ssh/id_rsa

Anybody can tell me that what these type of queries mean?

Thanks in advance
Reply
#2

They're looking for private SSH keys, which would give them access to the server.

Something must be very, very wrong in your setup if you had those files in those same locations though.
Reply
#3

thanks narf, there is nothing in this path. I think server configurations configured to prevent this type of path
Reply
#4
Sad 

@neuron, If your path log has date/time data I would double check the server access logs (if possible) at those times to make sure they did not get a positive reply .

An access log entry might look something like this

Code:
some.ip.address.here - - [11/Oct/2017:00:25:46 -0400] "GET /root/.ssh/id_dsa HTTP/1.1" 200 ...more info...

The above shows a response code of 200 which is  Sad.  
Be  Big Grin  if the server response code is in the 400 or 500 range.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB