httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "gcobb" <gc...@midsouth.rr.com>
Subject RE: [users@httpd] Errors!!!!
Date Fri, 17 Jan 2003 19:19:17 GMT
This is good information!  Thanks for sharing it with us.

Greg

> -----Original Message-----
> From: Erwien Samantha Y [mailto:apache@cosinus.sederhana.or.id] 
> Sent: Friday, January 17, 2003 10:44 AM
> To: apache
> Subject: Re: [users@httpd] Errors!!!!
> 
> 
> 
> Add this to your httpd.conf
> 
> ##############################################
> ##### Remove IIS worm From LOG ############### 
> #############################################
> SetEnvIfNoCase Request_URI "^/scripts/"  nolog
> SetEnvIfNoCase Request_URI "^/msadc/"    nolog
> SetEnvIfNoCase Request_URI "^/MSADC/"    nolog
> SetEnvIfNoCase Request_URI "^/_vti_bin/" nolog
> SetEnvIfNoCase Request_URI "^/_mem_bin/" nolog
> SetEnvIfNoCase Request_URI "^/c/winnt/"  nolog
> SetEnvIfNoCase Request_URI "^/d/winnt/"  nolog 
> SetEnvIfNoCase Request_URI "^/default.ida" nolog
> Redirect gone /scripts/
> Redirect gone /msadc/
> Redirect gone /MSADC/
> Redirect gone /_vti_bin/
> Redirect gone /_mem_bin/
> Redirect gone /c/winnt/
> Redirect gone /d/winnt/
> Redirect gone /default.ida
> 
> 
> CustomLog /where/path/your/access_log combined env=!nolog
> 
> 
> regards,
> 
> wIEn
> On Fri, 2003-01-17 at 09:06, system@eluminoustechnologies.com wrote:
> > Hello All,
> >  
> > Now this time the IPs are changed? Do u all think that my 
> assumption 
> > is Correct Could all these Machine's Contains Code-Red 
> Virus and they 
> > are tyring to access my server? All these ips are sending malform 
> > header to my server ? or may be thery are Spoofed?
> >  
> > 200.47.173.193
> > 24.193.133.39
> > 24.112.84.250
> > 213.10.131.56
> > 63.187.80.237
> > 195.38.28.40
> > 148.223.124.179
> > 217.157.86.9
> > 218.5.87.83
> >  
> > [root@server admusr]# cat /etc/httpd/logs/access_log | grep
> > 217.157.86.9 
> > 217.157.86.9 - - [17/Jan/2003:03:17:39 -0500] "GET
> > 
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u685
8%ucbd3%u7801%u9090%u6858%ucbd3%>
u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8
b00%u531b%u53ff%u0078%u0000%u00=a  > HTTP/1.0" 400 333 "-" "-"
> > [root@server admusr]# cat /etc/httpd/logs/access_log | grep 
> > 218.5.87.83 
> > 218.5.87.83 - - [17/Jan/2003:03:52:03 -0500] "GET
> > 
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u685
8%ucbd3%u7801%u9090%u6858%ucbd3%>
u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8
b00%u531b%u53ff%u0078%u0000%u00=a  > HTTP/1.0" 400 327 "-" "-"
> > 
> > Help me pls.
> >  
> > Regards,
> >  
> > Cindy
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project. See 
> <URL:http://httpd.apache.org/userslist.html> for more info. 
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message