httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Issa Mbodji <issambo...@yahoo.com>
Subject RE: [users@httpd] My Apache Access Log
Date Sun, 22 Jun 2003 20:09:54 GMT
Thanks, I will try it.

Jeff Cohen <support@gej-it.com> wrote:Next time plain text please.
Add these lines and it will log any requests into a different log file.

SetEnvIfNoCase Request_URI "default\.ida?|root\.|cmd\.exe" is_attack
CustomLog logs/access.log combined env=!is_attack
CustomLog logs/attack.log combined env=is_attack

All the best,
Jeff Cohen
Support@GEJ-IT.com
Tel. (416) 917-2324
www.GEJ-IT.com
GEJ-IT Networks!
-----Original Message-----
From: Issa Mbodji [mailto:issambodji@yahoo.com] 
Sent: Sunday, June 22, 2003 10:35 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] My Apache Access Log

Thanks for the clarification. But my other question then is if there is a
way for me to stop these messages from showing in my log file. It is good to
know that there is no harm or Apache users, but it will be great if I find a
way to stop it.
 
Thanks,

Tim Wort wrote:


The two log entries you mentioned are from nimda and code red worms (not
virus), they infect unpatched IIS (Microsoft's Internet Information
Server) web servers but not apache. Once a IIS webserver in infected the
worm attempts to connect to other IP address on port 80 looking for
another server to infect. It isn't a problem for apache users other than
the noise in your log files.

The worms are well known, the servers (IIS) are patchable it's to bad that
so many Microsoft users either do not know they have IIS running or are to
lazy to clean up their systems and patch or just don't have enough
knowledge to do something about it or in most cases arn't even aware they
are infected.

I would go on but then the nine out of ten Microsoft users that aren't
knowlegeable would take exception and think this is just a flame, I don't
have time (for them). I think your log files speak for themselves.


On Sun, 22 Jun 2003, Mac Serve wrote:

> What is a "NimdA@" virus and what is a "IIS server"? Never herd of them.
>
> - Mike
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= Inkling Research Inc. =
= Tim.Wort@InklingResearch.com =
= Tim.Wort@pobox.com =
= =
= Sun Certified Security =
= Administrator =
= =
= Eschew Obfuscation =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



Mame Issa Mbodji 
3201 Weeping Willow Ct # 33 
Silver Spring, MD , 20906 
Tel. (301) 603-0847 
e-mail: issambodji@yahoo.com

---------------------------------
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
Mime
View raw message