1 Topic by Lexa83

  • Lexa83
  • Lexa83
  • Member
  • Offline
  • Registered: 2016-09-15
  • Posts: 67

Topic: Should i be concerned?

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6
- Linux/BSD distribution name and version: Ubuntu 16.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? YES 2.6.0
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

In my most recent logwatch email it stated the following:
 A total of 1 possible successful probes were detected (the following URLs
 contain strings that match one or more of a listing of strings that
 indicate a possible exploit):
 
    /?lang=../../../../../../../../../etc/passwd%00.png&p_id=60 HTTP Response 200
 
It usually does not say that it was possibly successful and just list the error ones, should I be concerned? is there something I should check?
Thanks in advance

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,164

Re: Should i be concerned?

Which web application respond the request? If it's iRedAdmin-Pro, it's fine, because it will check whether the given language code ("?lang=xxx") is one of available languages (under 'i18n/' directory).