On Thu, Jan 17, 2013 at 3:39 AM, Robert Rothenberg <robrwo(a)gmail.com> wrote:
>>
>> I've found the following request in the web logs for a server that
doesn't
>> have Cobbler installed:
>>
>>> 93.231.100.23 - - [10/Jan/2013:00:05:14 +0000] "POST /cobbler_api
HTTP/1.1" 404 288 "-" "-"
>>
>> Is there a possible exploit in Cobbler that script kiddies are probing now?
>>
> [BP:] Could there be a Autotest server in your environment that thinks that there is
Cobbler running on this server?
No. That's not one of my machines.
Or they could just be looking for people that have cobbler servers
connected to the internet without locking them down (still using the
default password). You could verify it by running tcpdump and
analyzing the pcap to see what they're sending in the POST.