httpd-users mailing list archives

From Martin Haase-Thomas <...@meome-ag.de>
Subject Re: Strange access log entries - hacker??
Date Wed, 10 Apr 2002 12:04:30 GMT
That's Code Red. There's a very effective means to get rid of those attacks:
Code Red never comes with a User-Agent.

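RewriteEngine On
RewriteLog /path/to/logfile
# Log verbosity: choose a level from 0 (off) to 9
RewriteLogLevel 1

# Requests that arrive with an empty User-Agent header are redirected away
RewriteCond %{HTTP_USER_AGENT}  ^$
RewriteRule (.*) http://www.microsoft.com$1 [R=permanent]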

Works very well.

:)
cheers
Martin


DownUnder Dan wrote:

>HI ALL! I downloaded Apache 1.3.22 for win2k and have just installed it.
>I am a real newbie at this.
>
>I just had a look at the access log and I noticed these entries that cause me to worry a little:
>80.62.91.126 - - [10/Apr/2002:13:27:35 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 288
>80.62.91.126 - - [10/Apr/2002:13:27:43 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
>80.62.91.126 - - [10/Apr/2002:13:27:50 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
>80.62.91.126 - - [10/Apr/2002:13:27:57 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312
>80.62.91.126 - - [10/Apr/2002:13:28:05 +0200] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
>80.62.91.126 - - [10/Apr/2002:13:28:12 +0200] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
>
>A normal entry looks like this:
>62.199.0.4 - - [10/Apr/2002:13:27:19 +0200] "GET /icons/blank.gif HTTP/1.1" 200 148
>
>Can anyone shed light on this?  Is someone trying to hack into my computer or is there some explanation for these entries?
>
>REGARDS!
>Dan
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>

-- 
                   http://www.meome.de
-------------------------------------------------------
Martin Haase-Thomas         |       Tel.: 030 43730-558
meOme AG                    |       Fax.: 030 43730-555
Software Development        |           mht@meome-ag.de
-------------------------------------------------------
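
Added example, not part of the original message or of the Apache project: the quoted access log is in Common Log Format, which records no User-Agent, so the empty User-Agent condition above cannot be checked from those lines after the fact. This sketch instead flags the probes by request path, decoding `%255c` twice to expose the backslash traversal; the names `decode_fully`, `classify` and `scan` are hypothetical, and the sample lines are copied from the quoted message.

```python
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+$')
# Command interpreters requested by the probes in the quoted log
SHELL = re.compile(r'/(?:cmd|root)\.exe$', re.IGNORECASE)

# Lines copied from the quoted message (three probes, one normal request)
SAMPLE = r'''
80.62.91.126 - - [10/Apr/2002:13:27:35 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 288
80.62.91.126 - - [10/Apr/2002:13:27:43 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
80.62.91.126 - - [10/Apr/2002:13:27:57 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312
62.199.0.4 - - [10/Apr/2002:13:27:19 +0200] "GET /icons/blank.gif HTTP/1.1" 200 148
'''.strip().splitlines()

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly, so %255c becomes %5c and then a backslash."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def classify(line):
    """Return (host, status, reasons) for a probe, or None for other lines."""
    m = CLF.match(line.strip())
    if not m:
        return None
    host, request, status = m.groups()
    parts = request.split()
    if len(parts) < 2:
        return None
    path = parts[1].split('?', 1)[0]
    decoded = decode_fully(path)
    reasons = []
    if SHELL.search(decoded):
        reasons.append('shell-binary')
    if '..\\' in decoded or '../' in decoded:
        reasons.append('traversal')
    if decoded != unquote(path):
        reasons.append('double-encoding')
    return (host, int(status), reasons) if reasons else None

def scan(lines):
    """Collect probe hits; a 200 status on a probe deserves a closer look."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == '__main__':
    for host, status, reasons in scan(SAMPLE):
        print(host, status, ','.join(reasons))
```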



