httpd-users mailing list archives

From Webmaster <webmas...@rolysvirtualpets.com>
Subject Re: I'm being scanned... What do I do?
Date Sun, 30 Dec 2001 21:36:08 GMT
If I had that module Abovenet Communications would get mad.

Webmaster wrote:
> 
> my system gets about 1000-2000 Code Red and Nimda scans per week.
> 
> Jeff Burns wrote:
> >
> > hmmmm Nimda....fun stuff.
> > Try this site.  http://www.treachery.net/~jdyson/earlybird/
> >
> > He has an add-in for Apache that responds to Nimda and Code Red scans via
> > email to the owner of the netblock according to the ARIN database.  You
> > won't likely get a REAL response from the owner but at least you've done
> > your part to notify the owner.
> >
> > Simple installation, and config.  Even I was able to do it!
> >
> > Thanx, Jef
> > ----- Original Message -----
> > From: "Allen May" <umayxa3@donet.com>
> > To: "Apache" <users@httpd.apache.org>
> > Sent: Sunday, December 30, 2001 6:49 AM
> > Subject: I'm being scanned... What do I do?
> >
> > > My home network keeps getting scanned by some network trying to get a
> > > WinNT command line.
> > >
> > > This log snippet below is from my /etc/httpd/logs/error_log file (see
> > > below). There are 12,614 occurrences of this type scan. I don't have a
> > > static IP. I only have one file in my /var/www/html/domains directory... the
> > > default index.html file. I don't have a scripts folder.
> > >
> > > Is there anything I can do to trace back to the owner of that computer and
> > > let them know that A) they have a virus or B) ask them to stop filling up
> > > my log.
> > >
> > > Thanks
> > >
> > > -Allen
> > >
> > >
> > > [Tue Dec  4 17:06:12 2001] [error] [client 64.105.78.125] File does not
> > > exist: /var/www/html/domains/scripts/..Á../winnt/system32/cmd.exe
> > > [Tue Dec  4 17:06:12 2001] [error] [client 64.105.78.125] File does not
> > > exist: /var/www/html/domains/scripts/..À¯../winnt/system32/cmd.exe
> > > [Tue Dec  4 17:06:12 2001] [error] [client 64.105.78.125] File does not
> > > exist: /var/www/html/domains/scripts/..Á../winnt/system32/cmd.exe
> > > [Tue Dec  4 17:06:13 2001] [error] [client 64.105.78.125] File does not
> > > exist: /var/www/html/domains/scripts/..%5c../winnt/system32/cmd.exe
> > > [Tue Dec  4 17:06:13 2001] [error] [client 64.105.78.125] File does not
> > > exist: /var/www/html/domains/scripts/..%2f../winnt/system32/cmd.exe
> > > [Tue Dec  4 17:28:50 2001] [error] [client 64.105.127.100] File does not
> > > exist: /var/www/html/domains/c/winnt/system32/cmd.exe
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > The official User-To-User support forum of the Apache HTTP Server Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
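
Added example, not part of the original thread: a small Python triage of error_log lines in the format quoted above, counting cmd.exe probes per client address with first and last timestamps, which is the evidence a netblock owner's abuse contact would want to see. The sample log, its documentation-range addresses and the function name summarize_probes are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the Apache error_log format quoted in the thread
# (documentation-range addresses, not the ones from the post).
SAMPLE_LOG = """\
[Tue Dec  4 17:06:12 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/domains/scripts/..%5c../winnt/system32/cmd.exe
[Tue Dec  4 17:06:13 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/domains/scripts/..%2f../winnt/system32/cmd.exe
[Tue Dec  4 17:10:41 2001] [error] [client 198.51.100.7] File does not exist: /var/www/html/domains/favicon.ico
[Tue Dec  4 17:28:50 2001] [error] [client 192.0.2.77] File does not exist: /var/www/html/domains/c/winnt/system32/cmd.exe
not a log line
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9.]+)\] "
    r"File does not exist: (?P<path>.*)$"
)
# Probe marker taken from the quoted log: requests for the Windows NT command shell.
PROBE_RE = re.compile(r"/winnt/system32/cmd\.exe$", re.IGNORECASE)


def summarize_probes(log_text):
    """Return {client_ip: {"count", "first", "last"}} for cmd.exe probes."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not PROBE_RE.search(m.group("path")):
            continue  # unparseable line or an ordinary 404
        # strptime's whitespace matching accepts the space-padded day ("Dec  4").
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        entry = hits[m.group("ip")]
        entry["count"] += 1
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    return dict(hits)


if __name__ == "__main__":
    report = summarize_probes(SAMPLE_LOG)
    # One tab-separated row per source, busiest first, ready to paste into a report.
    for ip, e in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{ip}\t{e['count']}\t{e['first']}\t{e['last']}")
```

The timestamps are in the server's local time, so a report built from this output should state the time zone alongside them.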