httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Frederik M. Balster-Philips van Buren" <fbals...@batraco.se>
Subject RE: [users@httpd] some questions...
Date Mon, 26 Jan 2004 00:43:24 GMT
Hi,
I thought it was something like that. Just wasn't sure about it and 
how much damage it could do. Thanks!...

On 26 Jan 2004 at 1:09, Rafael Faura wrote:

> 
> [...]
> 
> 211.226.89.189 - - [25/Jan/2004:21:19:18 +0100] "GET 
> /scripts/nsiislog.dll" 404 -
> 
> [...]
> 
> 
> That's seems like an IIS (Microsoft Internet Information Services, the
> Microsoft Webserver) scanner scanning for possible
> vulnerabilities/exploits into your server. The '404' at the end of
> your line is one of the HTTP error codes that means 'file not found'
> (the scanner can't find the requested file).
> 
> You'll probably see, with the time, more lines into your log files,
> lines like:
> 
> xxx.xxx.xxx.xxx - - [08/Jan/2004:18:04:02 +0100] "get
> /scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0
> %af/wi nnt/system32/cmd.exe?/c%20dir" 501
> 
> xxx.xxx.xxx.xxx - - [16/Jan/2004:00:05:03 +0100] "GET
> /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
> 
> ... and so on.
> 
> 
> Near 100% of those scanners or 'exploits' attempts only works on IIS
> (thanks to the **big security holes** that IIS 4, IIS 5 & IIS 6 had -
> or still have, who knows). From my small and little experience Apache
> is free of them.
> 
> 
> 
> -----------------------------
> Rafael Faura Cucalón
> Web Developer
> rfaura@bassy.net
> 
> Bassy Servicios Inform√°ticos
> http://www.bassy.net
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project. See <URL:http://httpd.apache.org/userslist.html> for more
> info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org For
> additional commands, e-mail: users-help@httpd.apache.org
> 

-- 
Ha en bra dag - Vsego horoshego - Have a nice day,
Frederik M. Balster-Philips van Buren
fbalster@batraco.se
fmbalster@hotmail.com
fmbalster@yahoo.com
ICQ: 13588283
Phone/Fax: +46 (0)36-65803
-----------------------------------------------------------
Thought for the day:
    Intuition: an uncanny sixth sense which tells people 
    that they are right, whether they are or not.




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message