Coming soon - Get a detailed view of why an account is flagged as spam!
view details

This post has been de-listed

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

8
Webserver return codes and exploitation
Post Flair (click to view more posts with a particular flair)
Analysis
Post Body

Please forgive me if this is a stupid question, but my background is in networking and I do not know a lot about webserver security.

If someone attempts to exploit a webserver, and we see in the logs that the server returned anything other than a 200 OK response (for example 404 not found or 301 moved) is it still possible that the server could have been exploited?

The reason I ask is if the response indicates that nothing could have happened, we can filter those events out as noise.

UPDATE: Thank you all for the confirmation. I just need to figure out how to get the rest of the people on my team to realize that just because a Webserver returns an error code, it does not mean that the attack did not go through. Too many times people look at that return code and stop the investigation thinking it was unsuccessful.

Author
Account Strength
90%
Account Age
9 years
Verified Email
Yes
Verified Flair
No
Total Karma
1,309
Link Karma
714
Comment Karma
539
Profile updated: 1 day ago
CaptainDaddykins

Subreddit

r/AskNetsec

Post Details

We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.
Posted
1 year ago
Reddit URL
View post on reddit.com
External URL
reddit.com/r/AskNetsec/c...