httpd-users mailing list archives

From Stephen Colson <scol...@westpole.com>
Subject Re: [users@httpd] Hacker?
Date Wed, 04 Dec 2002 14:29:19 GMT
This is nothing you really need to worry about. What you are seeing is
Nimda (http://www.cert.org/advisories/CA-2001-26.html) scanning your
system to no avail. It doesn't actually do anything to Apache users
other than fill your logs. Keep in mind this is not a person trying to
"hack" your system, but rather a worm that has semi-randomly selected
your IP to see if you are running an unpatched version of IIS. Good
thing you're not running IIS :-)

-s


On Wednesday, Dec 4, 2002, at 21:11 America/Detroit, H. Carter Harris wrote:
> I have a test apache system where I am trying to learn how to use it.
> I got the access_log file working and I noticed the following entries
> in the log:
>
> 66.137.7.57 - - [02/Dec/2002:19:49:26 -0500] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 -
> 61.56.232.58 - - [02/Dec/2002:19:49:53 -0500] "HEAD / HTTP/1.0" 404 0
> 208.47.206.2 - - [02/Dec/2002:22:01:40 -0500] "GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+copy+c:\winnt\system32\cmd.exe+c:\inetpub\scripts\script.exe HTTP/1.1" 404 246
> 207.198.31.238 - - [03/Dec/2002:00:15:16 -0500] "GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+copy+c:\winnt\system32\cmd.exe+c:\inetpub\scripts\script.exe HTTP/1.1" 404 246
> 195.92.95.61 - - [03/Dec/2002:05:16:21 -0500] "HEAD /cobalt-images/welcome2.gif HTTP/1.0" 404 0
> 202.62.83.82 - - [03/Dec/2002:10:25:49 -0500] "HEAD / HTTP/1.0" 404 0
> 6
>
> This installation is on a Mandrake Linux box, not NT.  Is someone
> trying to hack into the system?


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
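
One way to triage entries like the ones in this thread, as an added example that is not part of the original messages: it undoes the layered URL encoding (`%255c` becomes `%5c`, then `\`), flags requests that traverse to `cmd.exe`, and uses the status code to tell a rejected probe from one that needs review. The function names are hypothetical; the first three sample lines are the post's entries with the mail line-wrapping undone, and the last one is constructed.

```python
import re
from urllib.parse import unquote

# First three lines: entries quoted in the thread. Last line: constructed benign request.
SAMPLE_LOG = r'''66.137.7.57 - - [02/Dec/2002:19:49:26 -0500] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 -
61.56.232.58 - - [02/Dec/2002:19:49:53 -0500] "HEAD / HTTP/1.0" 404 0
208.47.206.2 - - [02/Dec/2002:22:01:40 -0500] "GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+copy+c:\winnt\system32\cmd.exe+c:\inetpub\scripts\script.exe HTTP/1.1" 404 246
192.0.2.10 - - [03/Dec/2002:09:00:00 -0500] "GET /index.html HTTP/1.0" 200 1456
'''

# Common Log Format; the protocol token is optional because the first entry lacks it.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (.*?)(?: HTTP/[\d.]+)?" (\d{3}) (\S+)$')

def fully_decode(target, max_rounds=5):
    """Percent-decode until the string stops changing; return (text, layers)."""
    layers = 0
    while layers < max_rounds:
        decoded = unquote(target)
        if decoded == target:
            break
        target, layers = decoded, layers + 1
    return target, layers

def classify(line):
    """Return a finding for an IIS cmd.exe traversal probe, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, _ts, _method, target, status, _size = m.groups()
    decoded, layers = fully_decode(target)
    # IIS treats '\' as a path separator, so normalise before looking for '../'.
    norm = decoded.replace("\\", "/").lower()
    if "../" in norm and "cmd.exe" in norm:
        # 4xx/5xx: the server refused or found nothing. Anything else needs a look.
        outcome = "rejected" if status[0] in "45" else "review"
        return {"ip": ip, "status": int(status), "encoding_layers": layers,
                "decoded": decoded, "outcome": outcome}
    return None

def scan(log_text):
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

On the sample, both probes decode through two layers of encoding and come back `rejected`, which matches the 404 responses in the quoted log.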

