Script not found or unable to stat: /usr/lib/cgi-bin/php-cgi

apache-2.2logging

I have just seen a new series of error in the /var/log/apache2/error.log

[Thu Oct 31 06:59:04 2013] [error] [client 203.197.197.18] script not found or unable to stat: /usr/lib/cgi-bin/php

[Thu Oct 31 06:59:08 2013] [error] [client 203.197.197.18] script not
found or unable to stat: /usr/lib/cgi-bin/php5

[Thu Oct 31 06:59:09 2013] [error] [client 203.197.197.18] script not
found or unable to stat: /usr/lib/cgi-bin/php-cgi

[Thu Oct 31 06:59:14 2013] [error] [client 203.197.197.18] script not
found or unable to stat: /usr/lib/cgi-bin/php.cgi

[Thu Oct 31 06:59:14 2013] [error] [client 203.197.197.18] script not
found or unable to stat: /usr/lib/cgi-bin/php4

This server is running Ubuntu 12.04lts.

I have never seen this sort of attack before, should i be concerned or securing my system in any way for them?

Thanks,
John

Best Answer

If you're running a default configuration of Apache on Ubuntu (or have used the default config as a blind template for other virtualhost directives) you'll likely find that you have a ScriptAlias directive mapping /cgi-bin/ (relative to the apache document root) to the filesystem location of /usr/lib/cgi-bin/ - so what they're actually trying to load is http://your.host.name/cgi-bin/php4.

If you're not using your cgi-bin for anything, you're unlikely to lose anything you care about by commenting out the sections relating to it (and the more defined to your needs your configuration is, the smaller any potential attack surface).

You'll find the relevant directives for the default site in /etc/apache2/sites-available/000-default, if memory serves.

Related Topic