httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Turner <>
Subject Re: [users@httpd] data in the error log file
Date Fri, 10 Jan 2003 03:32:29 GMT
Arun kumar R wrote:

First, it is better to start a new message thread than to 'reply' to an
existing thread and change the subject.  Many of the better MUAs thread
by message reference IDs, not subject line.

>I am having the below listed type of messages in my
>log files daily. I am blocking some IP address but
>they are comming with new IP address again.

The attacks come from random infected systems.  It is unlikely that you
wills see any one IP a second time.

>Can anyone
>help me in understand what they are trying to do and
>how to restrict them.
> - - [09/Jan/2003:09:43:25 -0800] "GET
> HTTP/1.0" 400 309 "-" "-"

This is the code red worm.  For more info, see:

> - - [09/Jan/2003:10:53:28 -0800] "GET
>404 1079 "-" "-"

This is the Nimda worm.  For more info, see:

> - - [09/Jan/2003:11:38:38 -0800] "GET
>/sumthin HTTP/1.0" 404 1079 "-" "-"

This is WTF.  In other words, not a clue :)  It does not appear to be
malicious, or other than a bad URL or fishing expedition.

The hosts making these requests are not the bad guys, they're just
clueless.  If I have a few minutes, I'll send an email, including log
excerpt, to the host or its ISP.  I cc: my own ISP.  Not enough energy
in the world to help all the folks running MS security jokes.
 If someone tells you---
 "I have a sense of humor, but that's not funny." 
                                  ---they don't.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message