httpd-users mailing list archives

From Gary Turner <kk...@sbcglobal.net>
Subject Re: [users@httpd] data in the error log file
Date Fri, 10 Jan 2003 03:32:29 GMT
Arun kumar R wrote:

First, it is better to start a new message thread than to 'reply' to an
existing thread and change the subject.  Many of the better MUAs thread
by message reference IDs, not subject line.

>I am having the below listed type of messages in my
>log files daily. I am blocking some IP address but
>they are coming with new IP address again.

The attacks come from random infected systems.  It is unlikely that you
will see any one IP a second time.

>Can anyone
>help me in understanding what they are trying to do and
>how to restrict them.
>
>67.2.46.255 - - [09/Jan/2003:09:43:25 -0800] "GET
>/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> HTTP/1.0" 400 309 "-" "-"

This is the Code Red worm.  For more info, see:

	http://www.cert.org/advisories/CA-2001-23.html

>65.70.33.186 - - [09/Jan/2003:10:53:28 -0800] "GET
>/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir"
>404 1079 "-" "-"

This is the Nimda worm.  For more info, see:

	http://www.cert.org/advisories/CA-2001-26.html

>66.236.93.67 - - [09/Jan/2003:11:38:38 -0800] "GET
>/sumthin HTTP/1.0" 404 1079 "-" "-"

This is WTF.  In other words, not a clue :)  It does not appear to be
malicious, or other than a bad URL or fishing expedition.

The hosts making these requests are not the bad guys, they're just
clueless.  If I have a few minutes, I'll send an email, including log
excerpt, to the host or its ISP.  I cc: my own ISP.  Not enough energy
in the world to help all the folks running MS security jokes.
--
gt                  kk5st@sbcglobal.net
 If someone tells you---
 "I have a sense of humor, but that's not funny." 
                                  ---they don't.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
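
Added example, not part of the original message: a small Python classifier that tags access-log lines matching the two request patterns identified in the reply, then reports hits, distinct source addresses, and any probe that was not answered with an error status. The sample lines are constructed (documentation-range addresses, shortened filler), the labels and function names are hypothetical, and one log entry per line is assumed.

```python
import re
from collections import defaultdict

# Apache access-log prefix: host ident user [time] "METHOD path [protocol]" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ ([^\s"]+)(?: [^"]*)?" (\d{3})')

# Request-path patterns taken from the two log entries identified in the message.
SIGNATURES = [
    # /default.ida? followed by a long run of one filler character (N in the message)
    ("code-red", re.compile(r'^/default\.ida\?(.)\1{19,}', re.I)),
    # cmd.exe under the Windows system directory, reached via encoded traversal
    ("nimda", re.compile(r'/winnt/system32/cmd\.exe', re.I)),
]

def classify(line):
    """Return (source_ip, label, status) for a matching probe, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, path, status = m.group(1), m.group(2), int(m.group(3))
    for label, pattern in SIGNATURES:
        if pattern.search(path):
            return ip, label, status
    return None

def summarize(lines):
    """Per label: hit count, distinct sources, probes answered below 400."""
    report = defaultdict(lambda: {"hits": 0, "sources": set(), "served": 0})
    for line in lines:
        hit = classify(line)
        if hit:
            ip, label, status = hit
            report[label]["hits"] += 1
            report[label]["sources"].add(ip)
            report[label]["served"] += status < 400
    return dict(report)

# Constructed sample lines, modelled on the entries quoted in the message.
SAMPLE = [
    '192.0.2.10 - - [09/Jan/2003:09:43:25 -0800] "GET /default.ida?' + "N" * 224 + '=a HTTP/1.0" 400 309 "-" "-"',
    '192.0.2.44 - - [09/Jan/2003:10:53:28 -0800] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 1079 "-" "-"',
    '198.51.100.7 - - [09/Jan/2003:11:38:38 -0800] "GET /sumthin HTTP/1.0" 404 1079 "-" "-"',
    '203.0.113.5 - - [09/Jan/2003:12:01:02 -0800] "GET /default.ida?' + "N" * 224 + '=a HTTP/1.0" 400 309 "-" "-"',
]

if __name__ == "__main__":
    for label, e in summarize(SAMPLE).items():
        print(label, e["hits"], "hits,", len(e["sources"]), "hosts,", e["served"], "served")
```

A non-zero "served" count is the figure to look at first, since it means a probe received something other than a 4xx/5xx response.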


Mime
View raw message