httpd-users mailing list archives

From Jason Martens <jmart...@cityofevanston.org>
Subject Re: [users@httpd] stopping hackers
Date Tue, 01 Jul 2003 16:58:22 GMT
If you use Cisco routers, there is a patch that can be installed to
block the code-red virus. I don't know if it works for nimda as well.

On Tue, 2003-07-01 at 09:50, Sam Carleton wrote:

> I discovered my apache web server was down this morning.  When I
> looked at the error log, I discovered this:
> 
> 
> [Mon Jun 30 23:32:56 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/MSADC/root.exe
> [Mon Jun 30 23:33:00 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/c/winnt/system32/cmd.exe
> [Mon Jun 30 23:33:04 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/d/winnt/system32/cmd.exe
> [Mon Jun 30 23:33:05 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/scripts/..%5c../winnt/system32/cmd.exe
> [Mon Jun 30 23:33:07 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
> [Mon Jun 30 23:33:09 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
> [Mon Jun 30 23:33:10 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/msadc/..%5c../..%5c../..%5c/..../..../..../winnt/system32/cmd.exe
> [Mon Jun 30 23:33:12 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/scripts/..../winnt/system32/cmd.exe
> [Mon Jun 30 23:33:15 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/scripts/../../winnt/system32/cmd.exe
> [Mon Jun 30 23:33:19 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/scripts/..\../winnt/system32/cmd.exe
> [Mon Jun 30 23:33:30 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/scripts/..%5c../winnt/system32/cmd.exe
> [Mon Jun 30 23:33:32 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/scripts/..%2f../winnt/system32/cmd.exe
> [Mon Jun 30 23:58:30 2003] [error] [client 216.39.50.54] File does not exist: /usr/local/apache/htdocs/robots.txt
> [Tue Jul  1 00:00:02 2003] [warn] child process 8197 still did not exit, sending a SIGTERM
> [Tue Jul  1 00:00:06 2003] [error] child process 8197 still did not exit, sending a SIGKILL
> [Tue Jul  1 00:00:06 2003] [notice] caught SIGTERM, shutting down
> 
> My two questions are:
> 
> 1: what is the whole child process 8197 about?
> 
> 2: How should I configure Apache to not allow this type of an
> attack?
> 
> Sam
> 
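The probes in the quoted log can be picked out of an Apache error_log and counted per client. This is an added example, not code from either poster or from the Apache project; the signature names, the function names and the `SAMPLE` list (lines copied from the quoted log) are choices made for this example.

```python
import re
from collections import defaultdict

# error_log line shape seen in the quoted log:
# [timestamp] [level] [client IP] File does not exist: <path>
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] \[client (?P<ip>[\d.]+)\] "
    r"File does not exist: (?P<path>.+)$"
)

# Signatures derived from the request paths visible in the quoted log.
SIGNATURES = [
    # "..%5c", "..%2f" or a literal "..\" used in place of "../"
    ("encoded-traversal", re.compile(r"\.\.(%5c|%2f|\\)", re.I)),
    # plain "../" or the "..../" variant
    ("dot-traversal", re.compile(r"(^|/)\.{2,}/")),
    # Windows command shell or the root.exe copy of it
    ("windows-shell", re.compile(r"/(winnt/system32/cmd|root)\.exe$", re.I)),
    # IIS-only directories that do not exist on a Unix Apache docroot
    ("iis-directory", re.compile(r"/(msadc|_vti_bin|_mem_bin|scripts)/", re.I)),
]

def classify(path):
    """Return the names of all signatures that match a requested path."""
    return [name for name, rx in SIGNATURES if rx.search(path)]

def summarize(lines):
    """Map client IP -> {signature name: hit count} for matching probes."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # e.g. the SIGTERM/SIGKILL lines carry no client field
        for name in classify(m.group("path")):
            hits[m.group("ip")][name] += 1
    return {ip: dict(sigs) for ip, sigs in hits.items()}

# Lines copied from the quoted log above (not new data).
SAMPLE = [
    "[Mon Jun 30 23:32:56 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/MSADC/root.exe",
    "[Mon Jun 30 23:33:05 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/scripts/..%5c../winnt/system32/cmd.exe",
    "[Mon Jun 30 23:33:15 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/scripts/../../winnt/system32/cmd.exe",
    "[Mon Jun 30 23:58:30 2003] [error] [client 216.39.50.54] File does not exist: /usr/local/apache/htdocs/robots.txt",
    "[Tue Jul  1 00:00:02 2003] [warn] child process 8197 still did not exit, sending a SIGTERM",
]

if __name__ == "__main__":
    for ip, sigs in summarize(SAMPLE).items():
        print(ip, sigs)
```

Every flagged request in the sample was answered with "File does not exist", so the counts measure probe volume per client, not successful access.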
