httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Burns" <jbu...@jeffburns.org>
Subject Re: I'm being scanned... What do I do?
Date Sun, 30 Dec 2001 21:46:55 GMT
Understandable, lot's of ISP's get mad, but network security includes
network responsibility in my opinion.
----- Original Message -----
From: "Webmaster" <webmaster@rolysvirtualpets.com>
To: <users@httpd.apache.org>
Sent: Sunday, December 30, 2001 2:36 PM
Subject: Re: I'm being scanned... What do I do?


> If i had that module Abovenet Communications would get mad.
>
> Webmaster wrote:
> >
> > my system gets about 1000-2000 Code red and Nimda scans per week.
> >
> > Jeff Burns wrote:
> > >
> > > hmmmm Nimda....fun stuff.
> > > Try this site.  http://www.treachery.net/~jdyson/earlybird/
> > >
> > > He has an add-in for apache that responds to Nimda and Code Red scans
via
> > > email to the owner of the netblock according to the Arin database.
You
> > > won't likely get a REAL response from the owner but at least you've
done
> > > your part to notify the owner.
> > >
> > > Simple installation, and config.  Even I was able to do it!
> > >
> > > Thanx, Jef
> > > ----- Original Message -----
> > > From: "Allen May" <umayxa3@donet.com>
> > > To: "Apache" <users@httpd.apache.org>
> > > Sent: Sunday, December 30, 2001 6:49 AM
> > > Subject: I'm being scanned... What do I do?
> > >
> > > > My home network keeps getting scanned by some network trying to get
a
> > > WinNT
> > > > command line.
> > > >
> > > > This log snippet below is from my /etc/httpd/logs/error_log file
(see
> > > > below). There are 12,614 occurances of this type scan. I don't have
a
> > > static
> > > > IP. I only have one file in my /var/www/html/domains directory...
the
> > > > default index.html file. I don't have a scripts  folder.
> > > >
> > > > Is there anything I can do to trace back to the owner of that
computer and
> > > > let them know that A) they have a virus or B) ask them to stop
filing up
> > > my
> > > > log.
> > > >
> > > > Thanks
> > > >
> > > > -Allen
> > > >
> > > >
> > > > [Tue Dec  4 17:06:12 2001] [error] [client 64.105.78.125] File does
not
> > > > exist: /var/www/html/domains/scripts/..Á../winnt/system32/cmd.exe
> > > > [Tue Dec  4 17:06:12 2001] [error] [client 64.105.78.125] File does
not
> > > > exist: /var/www/html/domains/scripts/..À¯../winnt/system32/cmd.exe
> > > > [Tue Dec  4 17:06:12 2001] [error] [client 64.105.78.125] File does
not
> > > > exist: /var/www/html/domains/scripts/..Á../winnt/system32/cmd.exe
> > > > [Tue Dec  4 17:06:13 2001] [error] [client 64.105.78.125] File does
not
> > > > exist: /var/www/html/domains/scripts/..%5c../winnt/system32/cmd.exe
> > > > [Tue Dec  4 17:06:13 2001] [error] [client 64.105.78.125] File does
not
> > > > exist: /var/www/html/domains/scripts/..%2f../winnt/system32/cmd.exe
> > > > [Tue Dec  4 17:28:50 2001] [error] [client 64.105.127.100] File does
not
> > > > exist: /var/www/html/domains/c/winnt/system32/cmd.exe
> > > >
> > > >
> > > >
> > >
> ---------------------------------------------------------------------
> > > > The official User-To-User support forum of the Apache HTTP Server
Project.
> > > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > > For additional commands, e-mail: users-help@httpd.apache.org
> > >
> > > ---------------------------------------------------------------------
> > > The official User-To-User support forum of the Apache HTTP Server
Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message