httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Dessent <>
Subject Re: [users@httpd] Is someone trying to hack my server ??
Date Sun, 14 Sep 2003 05:42:05 GMT
> David wrote:

> Recently I started looking at my access log files and I notice
> something.
> There seems to be a lot of GET request from a particular IP address.
> The problem is, most of the GET request are not very valid.
> He seems to be requesting for documents that DO NOT exist on my
> computer and stuff. He tries to access/request for all sorts and
> different names of documents.

You're not vulnerable, you can ignore it, there's nothing wrong.  That
sort of thing happens to any machine that you put on the public internet
that has port 80 open.  Those scans are for IIS vulnerabilities anyway. 
If you want to be worried about someone hacking you, you'd make much
better use of your time checking all of the PHP scripts you run for
SQL-injection or cross-site scripting flaws.  The last thing you need to
worry about is some lamer that's still infected with Code Red spewing a
few bad requests your way every so often.

Some people on this list will tell you to put all these mod_rewrite
rules in your config file to try and "do something about it" but I think
that's absurd.  Which do you think takes more resources: Letting apache
return it's usual 200-some byte error page to bad/malformed requests
like these; or having Apache test EVERY url it processes against a list
of 10 or 20 regexes and STILL end up returning the same "forbidden" or
"not found" error page.  I just don't see the point.  You're not saving
anything by doing that.  Just let apache deal with it.  </rant>


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message