Return-Path: Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 47683 invoked by uid 500); 10 Jan 2003 02:07:29 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 47671 invoked from network); 10 Jan 2003 02:07:29 -0000 Received: from unknown (HELO nova.terranovum.com) (64.213.105.104) by daedalus.apache.org with SMTP; 10 Jan 2003 02:07:29 -0000 Received: from terranovum.com (209-6-223-56.c3-0.wtr-ubr1.sbo-wtr.ma.cable.rcn.com [209.6.223.56]) by nova.terranovum.com (8.12.5/8.12.5) with ESMTP id h0A2LF1Y016655 for ; Thu, 9 Jan 2003 21:21:15 -0500 Message-ID: <3E1E2AE8.9070908@terranovum.com> Date: Thu, 09 Jan 2003 21:07:36 -0500 From: Thomas Bolioli User-Agent: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.2.1) Gecko/20021130 X-Accept-Language: en-us, en MIME-Version: 1.0 To: users@httpd.apache.org References: <20030110015811.94837.qmail@web11601.mail.yahoo.com> In-Reply-To: <20030110015811.94837.qmail@web11601.mail.yahoo.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Subject: Re: [users@httpd] data in the error log file Be glad you run Apache ;-) The first two are IIS cracks (virii) and will only infect unpatched Win NT based IIS installations. One is Code Red et al;. The second is a common one of origin I do not know. The third is ??? Tom Arun kumar R wrote: >I am having the below listed type of messages in my >log files daily. I am blocking some IP address but >they are comming with new IP address again. Can anyone >help me in understand what they are trying to do and >how to restrict them. > >67.2.46.255 - - [09/Jan/2003:09:43:25 -0800] "GET >/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a > HTTP/1.0" 400 309 "-" "-" >65.70.33.186 - - [09/Jan/2003:10:53:28 -0800] "GET >/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" >404 1079 "-" "-" >66.236.93.67 - - [09/Jan/2003:11:38:38 -0800] "GET >/sumthin HTTP/1.0" 404 1079 "-" "-" > >Regards >Arun > >__________________________________________________ >Do you Yahoo!? >Yahoo! Mail Plus - Powerful. Affordable. Sign up now. >http://mailplus.yahoo.com > >--------------------------------------------------------------------- >The official User-To-User support forum of the Apache HTTP Server Project. >See for more info. >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > " from the digest: users-digest-unsubscribe@httpd.apache.org >For additional commands, e-mail: users-help@httpd.apache.org > > -- ----------------------------------------------------- Terra Novum Research info@terranovum.com www.terranovum.com (617) 923-4132 PO Box 362 Watertown, MA 02471-0362 "If Tyranny and Oppression come to this land, it will be in the guise of fighting a foreign enemy." -- James Madison, as a United States Congressman --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org