httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Staven Bruce <Staven.Br...@valleyair.org>
Subject RE: [users@httpd] new access_log messages
Date Thu, 02 Oct 2003 16:42:53 GMT
Thanks for the info! Is there anything I can do to prevent this kind of
traffic? Or is this just a "fact of Internet life"? I keep up to date with
all patches and security updates from RedHat, I've tried to secure the
server as much as possible, are there other things I should do? Is there
some AV software for Linux/Unix that would help me in this situation?
Suggestions?

Staven Bruce
Network Systems Analyst II

San Joaquin Valley Air Pollution Control District
1990 E.Gettysburg Ave. | Fresno, CA. 93726
(559) 230-6049 | FAX (559) 221-4270
Staven.Bruce@valleyair.org

 -----Original Message-----
From: 	Jeremy D. Weiss [mailto:jdweiss@chanweiss.com] 
Sent:	Thursday, October 02, 2003 9:36 AM
To:	users@httpd.apache.org
Subject:	Re: [users@httpd] new access_log messages


>66.196.65.** - - [29/Sep/2003:13:22:22 -0700] "GET /robots.txt HTTP/1.0"
200
>26 "-" "Mozilla/5.0 (Slurp/si; slurp@inktomi.com;
>http://www.inktomi.com/slurp.html)"

This is a search engine, trying to check to see what your site's rules are, 
about search engines caching pages.  See 
http://www.robotstxt.org/wc/robots.html for more information.

>68.121.147.** - - [29/Sep/2003:21:39:51 -0700] "GET
>/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
X
>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
X
>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
X
>XXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3
%
>u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
>HTTP/1.0" 404 1059 "-" "-"

attempted attack on IIS

>61.187.156.** - - [30/Sep/2003:12:52:12 -0700] "GET http://www.yahoo.com/
>HTTP/1.1" 200 158 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"

I'm unsure of this one, but it looks like a (failed) attempt to use your 
machine as a proxy.

>216.143.9.** - - [30/Sep/2003:13:47:02 -0700] "GET /scripts/nsiislog.dll"
>404 1059 "-" "-"

unsure again, but I suspect some sort of attempted IIS attack (what with 
the name of the .dll and all :)

>150.208.12.** - - [30/Sep/2003:18:05:31 -0700] "GET /scripts/nsiislog.dll"
>404 1059 "-" "-"

see above

>81.48.160.** - - [01/Oct/2003:07:47:44 -0700] "GET /scripts/nsiislog.dll"
>404 1059 "-" "-"

see above

>168.243.168.** - - [01/Oct/2003:08:13:39 -0700] "GET
>/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 1059 "-" "-"

attempted IIS attack

>217.234.216.** - - [01/Oct/2003:16:46:27 -0700] "GET / HTTP/1.0" 200 158
"-"
>"-"

I'm not sure there's anything wrong with this one, it just appears to be 
someone is trying to get "/" (which would, with the default setup, I 
believe, attempt to serve the index.html in the root wwwdocs directory)

>65.214.36.** - - [01/Oct/2003:21:15:42 -0700] "GET /robots.txt HTTP/1.0"
200
>26 "-" "Mozilla/2.0 (compatible; Ask Jeeves/Teoma)"

see first comment, about search engines.

>208.165.51.** - - [02/Oct/2003:00:59:49 -0700] "GET /scripts/nsiislog.dll"
>404 1059 "-" "-"

see above comments about nsiislog.dll

>216.248.3.** - - [02/Oct/2003:04:13:42 -0700] "GET /scripts/nsiislog.dll"
>404 1059 "-" "-"

see above comments about nsiislog.dll


>64.68.82.** - - [02/Oct/2003:06:14:14 -0700] "GET /robots.txt HTTP/1.0" 200
>26 "-" "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

see first comment, about search engines.


HTH, HAND,
==Jeremy



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message