httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kyle <k...@ccidomain.com>
Subject Re: Straneg access log entries - hacker??
Date Wed, 10 Apr 2002 13:04:48 GMT
Dan,

That's the "signature" for the Nimda worm.  Apache servers are immune
Nimda.  :)

-Kyle

DownUnder Dan wrote:
> 
> HI ALL! I downloaded Apache 1.3.22 for win2k and have just installed it.
> I am a read newbie at this.
> 
> I just had a look at the access log and I noticed these entries that cause me to worry
a little:
> 80.62.91.126 - - [10/Apr/2002:13:27:35 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404
288
> 80.62.91.126 - - [10/Apr/2002:13:27:43 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404 298
> 80.62.91.126 - - [10/Apr/2002:13:27:50 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404 298
> 80.62.91.126 - - [10/Apr/2002:13:27:57 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 312
> 80.62.91.126 - - [10/Apr/2002:13:28:05 +0200] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 329
> 80.62.91.126 - - [10/Apr/2002:13:28:12 +0200] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 329
> 
> A normal entry looks like this:
> 62.199.0.4 - - [10/Apr/2002:13:27:19 +0200] "GET /icons/blank.gif HTTP/1.1" 200 148
> 
> Can anyone shed light on this?  It someone trying to hack into my computer or is there
some explaination for these entries?
> 
> REGARDS!
> Dan
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message