Need help regarding the log entry and its explanation.

[Shazid]

Hey friends i just got this entry on my log today. Could someone explain me what this could be or what this thing tried to do?
xxx GET /phplist/admin/index.php _SERVER[ConfigFile]= ../../../../../../../../../../../../../../../../etc /passwd 80 - 94.63.246.3 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+2002 ) - - 404 0 3 1814 298 296

[Milton.J]

I do know what he was trying to do! I have studied networking so I could easily understand what his real intentions are,First of all he was trying to get your /etc/passwd file, which is where the list of system users is stored on a *nix system. It looks like he tried to exploit some weakness in phpList, and he is able to override some variable that specifies the config file to use. most probably, this would cause some kind of error and the ipconfig file to be discarded, which in this case would be the contents of your password file.

[Spyrus]

The most important thing is that his attempt has failed, as it is seen by the 404 return codes. Possibly you don't yet have phpList installed! This might have just be an automated attack, or someone trying their luck. I get such kind of thing everyday on my servers: people trying to exploit software which is not even installed. Perhaps I would not worry about it , unless you do have phpList or you start to see the similar IP frequently trying other attacks. So stop worrying about. Your not subjected to any sort of risks

[Shazid]

Thank you so much for this explanation. yet if I did see the 404 code that he ended receiving, I was worried a little. This was my first ever entry like that. Hope I won't get too much of these but I will probably be more relax... Thank again! I am really gladful that you helped me with this thing..Its nice to get some tips from the person who has lots of knowledge regarding such concepts..!!!