You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Michael <m_...@qwest.net> on 2001/10/29 17:40:51 UTC

newbie has a question

Hello, I am new to the list (as of today) and have this "problem" that creeps into the access and error logs that I thought I would see if anyone has a solution or suggestion.

It appears in both my Windows and Linux implementations.

things such as these appear and make the logs VERY difficult to read without writing a program to parse these out.

"GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210
"GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208
"GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218
"GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218
"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
"GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249
"GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249

etc..... but I am sure you get the drift.....

any help would be appreciated.......    thanks in advance

Re: newbie has a question

Posted by Graham Leggett <mi...@sharp.fm>.

Michael wrote:

> Hello, I am new to the list (as of today) and have this "problem" that
> creeps into the access and error logs that I thought I would see if
> anyone has a solution or suggestion.
> 
> It appears in both my Windows and Linux implementations.
> 
> things such as these appear and make the logs VERY difficult to read
> without writing a program to parse these out.

These log lines come from external virus/worm infected machines which
are trying to infect your machine. As you're not running IIS these
attempts are unsuccessful. They are valid requests (even though they may
not have valid responses) and thus Apache logs them as usual.

The short answer is that there isn't much you can do about them.

Regards,
Graham
-- 
-----------------------------------------
minfrin@sharp.fm		"There's a moon
					over Bourbon Street
						tonight..."

RE: newbie has a question

Posted by Joshua Slive <jo...@slive.ca>.

-----Original Message-----
From: Michael [mailto:m_j_thomas@qwest.net]

> Hello, I am new to the list (as of today) and have this "problem"
> that creeps into the access and error logs that I thought I would
> see if anyone has a solution or suggestion.


Sorry.  You just sent this to the bug database, and I told you that was not
appropriate and to try a user support forum.  I gave you the URL:
http://www.apache.org/foundation/mailinglists.html#http-usenet
which lists at the top several appropriate resources.  You ignored those and
sent to the developer list which is clearly (I thought) marked as not for
support questions.

I am not blaming you here, because you are not the first person to do this.
Can you help me clarify that page so that future people will understand not
to send to dev@httpd unless they are interested in server developement?  How
can we make it clearer?

Joshua.