httpd-users mailing list archives

From "Robert Andersson" <>
Subject Re: access & error logs -- attempted crack?
Date Mon, 15 Jul 2002 06:12:06 GMT
Sorry for not replying sooner. The 6667 stuff does really puzzle me, and I
doubt I will be able to give you any answer.
What we see is, that something (on connected to yourip:80 and
sent Apache a request like:

where you would normally see something like:
"GET /folder/file.html HTTP/1.1"

Apache naturally responds with a 405 - Method Not Allowed, where the method
would be "CONNECT". I have really no idea why anyone would be doing this,
but I'm somewhat sure it has nothing to do with the other (CodeRed) log
lines. I don't think there is a CONNECT method in the HTTP standard; I'm not
certain but almost. I should go look it up, but too lazy right now ;-).
Anyway, I don't think you need to worry about that one either.

Robert Andersson

----- Original Message -----
From: "Gary Turner" <>
To: <>; "Robert Andersson" <>
Sent: Thursday, July 11, 2002 9:35 PM
Subject: Re: access & error logs -- attempted crack?

> On Thu, 11 Jul 2002 10:44:43 +0200, Robert Andersson wrote:
> >Looks like CodeRed or similar clone, which tries to exploit a buffer
> >in MS IIS. It's now known that Apache (<1.3.26 && <2.0.39) has a
> >bug, but I don't know what such an attack would look like. But these log
> >entries are certainly intended for IIS.
> Thanks to both Robert and Stephen for timely, helpful answers.  I knew
> there was a reason to run Linux :)
> On the other access.log entry,
> - - [10/Jul/2002:21:32:02 -0500] "CONNECT
> HTTP/1.0" 405 307 "-" "-"
> can anyone explain this?  IRC port?
> --
> gt
> It ain't so much what you don't know that gets you in trouble---
> it's what you do know that ain't so.--unk

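An added example, not part of the original messages: a small Python scan of Apache access-log lines for CONNECT requests like the one quoted in this thread, recording the requested tunnel target and whether the server refused it (as the 405 here shows). The client addresses, the target `irc.example.net:6667` and every sample line are constructed; the function names are hypothetical.

```python
import re

# Apache common/combined log line: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (documentation addresses, placeholder host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jul/2002:21:31:58 -0500] "GET /folder/file.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"',
    '192.0.2.77 - - [10/Jul/2002:21:32:02 -0500] "CONNECT irc.example.net:6667 HTTP/1.0" 405 307 "-" "-"',
    '192.0.2.77 - - [10/Jul/2002:21:32:05 -0500] "CONNECT irc.example.net:6667 HTTP/1.0" 200 0 "-" "-"',
]


def find_connect_requests(lines):
    """Return one dict per CONNECT request: who asked, for which host:port, and the outcome."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("method") != "CONNECT":
            continue
        target = m.group("target")
        host, sep, port = target.rpartition(":")
        if not sep:                      # no ":port" in the request target
            host, port = target, ""
        status = int(m.group("status"))
        hits.append({
            "client": m.group("client"),
            "time": m.group("time"),
            "target_host": host,
            "target_port": int(port) if port.isdigit() else None,
            "status": status,
            # 4xx/5xx: the server declined to open the tunnel (the 405 in this thread).
            "refused": status >= 400,
        })
    return hits


def accepted_tunnels(lines):
    """CONNECT requests the server did not refuse; these are the ones to investigate."""
    return [h for h in find_connect_requests(lines) if not h["refused"]]


if __name__ == "__main__":
    for hit in find_connect_requests(SAMPLE_LOG):
        print(hit)
```

A refused request, such as the 405 entry, needs no action; any entry returned by `accepted_tunnels` means the server is relaying connections for outside clients and its proxy configuration should be reviewed.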