DSM-G600, DNS-3xx and NSA-220 Hack Forum

2mymall · 2010-04-06 07:42:51

I am using the lighttpd feature from funplug and have a webserver runing on the DNS 323. When people are accessing the site, it is normal to have both the internet access light and hard disk light on the NAS blinking.

But at times, I notice that only the internet access light blinking furiously. Checking the access logs, I find entries like:

222.186.13.75 bbs.rexian.net.cn - [04/Apr/2010:20:32:13 +0800] "GET http://bbs.rexian.net.cn/templates/defa … DE197923E2 HTTP/1.0" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

118.161.233.46 - - [04/Apr/2010:20:37:26 +0800] "CONNECT maile.burst.idv.tw:25 HTTP/1.0" 501 357 "-" "-"

114.255.168.213 [My DNS323 IP:Port] - [06/Apr/2010:01:37:13 +0800] "GET /manager/html HTTP/1.1" 404 345 "-" "Mozilla/3.0 (compatible; Indy Library)"

Correct me if I am wrong but I suspect someone has found a loophole to use the internet through the server.

Is there any way to ban or deny access to the web server.

hell0 · 2010-04-06 16:29:51

2mymall wrote:
Correct me if I am wrong but I suspect someone has found a loophole to use the internet through the server.

Read http://en.wikipedia.org/wiki/List_of_HTTP_status_codes to understand what you log means.
Don't run your webserver on a well known port like 80 and this will probably never happen again...

2mymall · 2010-04-06 20:59:46

Hello, Thanks for the link bit it does not help. Codes 345 & 357 are not listed.

Anyway the web server is not running on port 80.

hell0 · 2010-04-06 22:00:57

The codes in your log are 404 and 501

Then its like port 443 or 8080?

2mymall · 2010-04-07 09:32:53

You're right.

Don't seem to have luck changing the ports though. I can see lighttpd config and open it in notepad, but don't have the correct permissions on win 7 to save it.

I can log in as root in shell and change file permissions but no idea how to modify the file in shell.

Even after changing the file permission to 777, I still cannot save changes using notepad.

Any advice??

mushanga · 2010-04-07 09:49:11

First, set the permission to 666 (read & write to everyone, no execution) instead of 777 (read/write/execute).
Then use a native linux editor (like vi or nano) under ssh or telnet access or, if you're not comfortable with that, use Notepadd++ in windows which is aware of linux text file format.
If it is not enougth try to download the configuration file, modify it under windows with Notepad++ and overwrite it.

KyleK · 2010-04-07 11:17:17

Have a look at this as well: http://redmine.lighttpd.net/projects/li … figuration

2mymall · 2010-04-07 11:27:48

Thanks mushanga. That worked.

Chmod it to 666, edited it with textpad and saved it back. Restarted the server and everything is ok.

Now just hope this stops the unauthorized activity I always notice on the server.

Thanks again man.

Last edited by 2mymall (2010-04-07 11:30:46)

DSM-G600, DNS-3xx and NSA-220 Hack Forum

Announcement

#1 2010-04-06 07:42:51

Ban/Deny access by IP address to funplug lighttpd server

#2 2010-04-06 16:29:51

Re: Ban/Deny access by IP address to funplug lighttpd server

2mymall wrote:

#3 2010-04-06 20:59:46

Re: Ban/Deny access by IP address to funplug lighttpd server

#4 2010-04-06 22:00:57

Re: Ban/Deny access by IP address to funplug lighttpd server

#5 2010-04-07 09:32:53

Re: Ban/Deny access by IP address to funplug lighttpd server

#6 2010-04-07 09:49:11

Re: Ban/Deny access by IP address to funplug lighttpd server

#7 2010-04-07 11:17:17

Re: Ban/Deny access by IP address to funplug lighttpd server

#8 2010-04-07 11:27:48

Re: Ban/Deny access by IP address to funplug lighttpd server

Board footer