httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Justin Williams" <jus...@naturalwebs.com>
Subject Re: [users@httpd] Hacker?
Date Wed, 04 Dec 2002 16:03:46 GMT
Not to deal with script kiddies, but to deal with all the browsers and bots
that ask for favicon.ico, when your client doesn't have one.  Keeps the
error log clear...

----- Original Message -----
From: "Sander Holthaus - Orange XL" <info@orangexl.com>
To: <users@httpd.apache.org>
Sent: Wednesday, December 04, 2002 11:18 AM
Subject: Re: [users@httpd] Hacker?


> Why block favicon.ico??? This has nothing to do with worms, virusses and
> script kiddies...
>
> ----- Original Message -----
> From: "David Tonhofer" <d.tonhofer@m-plify.com>
> To: <users@httpd.apache.org>
> Sent: Wednesday, December 04, 2002 3:27 PM
> Subject: Re: [users@httpd] Hacker?
>
>
> > Yes, actually it's a scan made by a worm. This only affects
> > Microsoft IIS, so no worry.
> >
> > Btw, here's a set of instructions that might be considered
> > for inclusion into httpd.conf. It sends a HTTP 'GONE' return
> > code if someone requests the said file, so there is less
> > crap in the error log:
> >
> > # For worms (Code Red etc.) and script kiddies
> >
> > Redirect gone /scripts
> > Redirect gone /MSADC
> > Redirect gone /c
> > Redirect gone /d
> > Redirect gone /_vti_bin
> > Redirect gone /_mem_bin
> > Redirect gone /msadc
> > Redirect gone /favicon.ico
> > Redirect gone /default.ida
> > Redirect gone /sumthin
> > Redirect gone /galaxy_15592.15938
> > Redirect gone /NULL.printer
> > Redirect gone /NULL.ida
> > Redirect gone /NULL.idq
> >
> >
> > --On Wednesday, December 04, 2002 8:11 PM -0600 "H. Carter Harris"
> > <carter-lists@technettn.net> wrote:
> >
> > > I have a test apache system where I am trying to learn how to use it.
I
> > > got the access_log file working and I noticed the following entries in
> > > the log:
> > >
> > > 66.137.7.57 - - [02/Dec/2002:19:49:26 -0500] "GET
> > > /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 -
> > > 61.56.232.58 - - [02/Dec/2002:19:49:53 -0500] "HEAD / HTTP/1.0" 404 0
> > > 208.47.206.2 - - [02/Dec/2002:22:01:40 -0500] "GET
> > >
> /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+copy+c:\winnt\system32\c
> > > md. exe+c:\inetpub\scripts\script.exe HTTP/1.1" 404 246
> > > 207.198.31.238 - - [03/Dec/2002:00:15:16 -0500] "GET
> > >
> /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+copy+c:\winnt\system32\c
> > > md. exe+c:\inetpub\scripts\script.exe HTTP/1.1" 404 246
> > > 195.92.95.61 - - [03/Dec/2002:05:16:21 -0500] "HEAD
> > > /cobalt-images/welcome2.gif HTTP/1.0" 404 0
> > > 202.62.83.82 - - [03/Dec/2002:10:25:49 -0500] "HEAD / HTTP/1.0" 404 0
> > > 6
> > >
> > > This installation is on a Mandrake Linux box, not NT.  Is someone
trying
> > > to hack into the system?
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > The official User-To-User support forum of the Apache HTTP Server
> Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> > >
> > >
> > >
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message