httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sam Carleton <scarleton-apa...@miltonstreet.com>
Subject [users@httpd] stopping hackers
Date Tue, 01 Jul 2003 14:50:39 GMT
I discovered my apache web server was down this morning.  When I
looked at the error log, I discover this:


[Mon Jun 30 23:32:56 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/MSADC/root.exe
[Mon Jun 30 23:33:00 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/c/winnt/system32/cmd.exe
[Mon Jun 30 23:33:04 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/d/winnt/system32/cmd.exe
[Mon Jun 30 23:33:05 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/scripts/..%5c../winnt/system32/cmd.exe
[Mon Jun 30 23:33:07 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Mon Jun 30 23:33:09 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Mon Jun 30 23:33:10 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/msadc/..%5c../..%5c../..%5c/..../..../..../winnt/system32/cmd.exe
[Mon Jun 30 23:33:12 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/scripts/..../winnt/system32/cmd.exe
[Mon Jun 30 23:33:15 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/scripts/..../winnt/system32/cmd.exe
[Mon Jun 30 23:33:19 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/scripts/..../winnt/system32/cmd.exe
[Mon Jun 30 23:33:30 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/scripts/..%5c../winnt/system32/cmd.exe
[Mon Jun 30 23:33:32 2003] [error] [client 65.27.114.84] File does not exist: /usr/local/apache/htdocs/scripts/..%2f../winnt/system32/cmd.exe
[Mon Jun 30 23:58:30 2003] [error] [client 216.39.50.54] File does not exist: /usr/local/apache/htdocs/robots.txt
[Tue Jul  1 00:00:02 2003] [warn] child process 8197 still did not exit, sending a SIGTERM
[Tue Jul  1 00:00:06 2003] [error] child process 8197 still did not exit, sending a SIGKILL
[Tue Jul  1 00:00:06 2003] [notice] caught SIGTERM, shutting down

My two qestions are:

1: what is the whole child process 8197 about?

2: How should I configure Apache at to not allow this type of an
attack?

Sam

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message