httpd-users mailing list archives

From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] error messeges in my log
Date Fri, 05 Dec 2003 19:04:03 GMT
On Fri, 5 Dec 2003, Patrick O'Neal wrote:
> I am running Apache 2.0.47 on RH9. I have been getting these error
> messages in my log for quite some time, but I haven't been too concerned
> about it because they seem to have to do with MSIIS vulnerabilities. But
> is that actually true? With the newfound attacks on the gentoo.org and
> gnu.org servers lately, I am re-investigating this to see if it needs
> addressing. Have any of you found this problem as well, and if so, what
> did you do, if anything, to make it stop?
>
> I have included a paste of my log to show you what I am talking about.
>
> 68.55.245.17 - - [05/Dec/2003:12:13:30 -0600] "GET
> /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1012

None of the recent attacks were on HTTP server software.  From what I've
read, they were through a sniffed password, a hole in rsyncd, and a Linux
kernel flaw.

This doesn't mean, of course, that flaws in Apache are not possible.  But
your log clearly shows an IIS attack, so there is no need to worry.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
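
Added example (not part of the original message and not Apache httpd code): a Python triage of access-log lines in the format quoted above. It flags requests carrying IIS-only markers and separates those the server refused (4xx/5xx) from any it did not. The marker list, the function names and every sample line except the first are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Common Log Format: host ident user [time] "method target proto" status bytes
CLF = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)(?: \S+)?" (\d{3}) \S+$')

# Assumed, non-exhaustive substrings that only make sense against IIS on Windows.
IIS_MARKERS = (b"cmd.exe", b"root.exe", b"/winnt/", b"/_vti_bin/")

def triage(line):
    """Return a finding dict for an IIS-targeted probe, or None for other lines."""
    m = CLF.match(line.strip())
    if not m:
        return None
    host, when, method, target, status = m.groups()
    raw = unquote_to_bytes(target).lower()  # decode %xx without assuming UTF-8
    markers = [k.decode() for k in IIS_MARKERS if k in raw]
    if not markers:
        return None
    return {
        "host": host,
        "time": when,
        "markers": markers,
        # 0xC0/0xC1 never begin a valid UTF-8 sequence (overlong-encoding trick).
        "overlong_utf8": any(b in (0xC0, 0xC1) for b in raw),
        "status": int(status),
        # 4xx/5xx means this server refused the request; anything else needs a look.
        "needs_review": int(status) < 400,
    }

def summarize(lines):
    """Return (all IIS-probe findings, the subset that was not refused)."""
    findings = [f for f in map(triage, lines) if f]
    return findings, [f for f in findings if f["needs_review"]]

# First entry is the line quoted in the thread, rejoined; the rest are constructed.
SAMPLE = [
    '68.55.245.17 - - [05/Dec/2003:12:13:30 -0600] '
    '"GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1012',
    '192.0.2.10 - - [05/Dec/2003:12:14:02 -0600] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.44 - - [05/Dec/2003:12:15:47 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 1012',
    '192.0.2.44 - - [05/Dec/2003:12:15:49 -0600] "GET /_vti_bin/shtml.exe HTTP/1.0" 200 312',
]

if __name__ == "__main__":
    for f in summarize(SAMPLE)[0]:
        print(f["host"], f["status"], f["markers"], "REVIEW" if f["needs_review"] else "refused")
```
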

