httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J. Greenlees" <ja...@shaw.ca>
Subject Re: [users@httpd] Re: httpd-access.log query
Date Fri, 13 Sep 2002 03:37:38 GMT
yup, the root.exe is nimda and the cmd.exe is codered
getting a lot of them, from my isp's machines.
I just send them a new 5MB log file every couple of days reminding them 
they are infected.

though I LIKE the idea of sending the requests to microsoft. ):-)

Carrie Salazar wrote:
> Since you use Apache & getting 404 errors they are nothing really 
> to worry about since they are just infected computers scanning in 
> attempts to exploit IIS/Window$ machines.  The only damage to 
> Apache is all these flooded log files.  If you want to spare
> your log files you can try putting some lines in your config
> file to redirect ALL of them to trash (or to Microsoft ;).
> --
> carrie s.
> 
> 
>>Date: Fri, 13 Sep 2002 10:21:09 +1000
>>To: <users@httpd.apache.org>
>>From: "Doug Young" <dougy@brizzie.org>
>>Subject: httpd-access.log query
>>Message-ID: <210801c25abb$7727b3b0$0300a8c0@oracle>
>>
>>Been getting HEAPS of messages like these in httpd-access.log lately ....
>>assume the
>>script kiddies at play again ... not that those commands won't help them
>>much on a unix
>>system. I've been firewall the offending IPs but wonder if there is a better
>>remedy.
>>
>>Any suggestions / comments ??
>>
>>203.51.185.233 - - [13/Sep/2002:04:02:05 +1000] "GET
>>/scripts/root.exe?/c+dir HTTP/1.0" 404 278 "-" "-"
>>203.51.185.233 - - [13/Sep/2002:04:02:06 +1000] "GET /MSADC/root.exe?/c+dir
>>HTTP/1.0" 404 276 "-" "-"
>>203.51.185.233 - - [13/Sep/2002:04:02:07 +1000] "GET
>>/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286 "
>>203.51.185.233 - - [13/Sep/2002:04:02:07 +1000] "GET
>>
> ...ad nauseum
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message