You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Frederik M. Balster-Philips van Buren" <fb...@batraco.se> on 2004/01/26 00:11:42 UTC
[users@httpd] some questions...
Hi,
'm a complete novice to Apache so I may have plenty of question in
the beginning. I'll try to read the FAQs and the dokumentation as
carefully as I can but I'm also a 53yo non-anglosaxon so I may
sometimes have difficulties understanding those.
I installed the EasyPHP (http://www.easyphp.org/) for Windows
package. With that came apache 1.3. However somewhere in the docs I
read that version 2.0 is much more stable and secure with windows.
So my first question is: can I simply and safely install v 2.0 *over*
v 1.3?
Second question is: what do the following lines in the log mean:
145.254.214.216 - - [25/Jan/2004:19:51:01 +0100] "GET
/.hash=aaa8bcf2007237fffc0b3c87f0cca7ee821f4db4 HTTP/1.1" 404 360
145.254.214.216 - - [25/Jan/2004:19:54:50 +0100] "GET
/.hash=277ef9befc47984a9a4f75ebc3af37b9e69190b5 HTTP/1.1" 404 360
and also
211.226.89.189 - - [25/Jan/2004:21:19:18 +0100] "GET
/scripts/nsiislog.dll" 404 -
As far as I could discover I have no file with that name. As I said,
please have patience with me as I'm still learning to interpret the
logs. Thank you...
--
Ha en bra dag - Vsego horoshego - Have a nice day,
Frederik M. Balster-Philips van Buren
fbalster@batraco.se
fmbalster@hotmail.com
fmbalster@yahoo.com
ICQ: 13588283
Phone/Fax: +46 (0)36-65803
-----------------------------------------------------------
Thought for the day:
Book: a utensil used to pass time while waiting
for the TV repairman.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] some questions...
Posted by "Frederik M. Balster-Philips van Buren" <fb...@batraco.se>.
Hi,
I thought it was something like that. Just wasn't sure about it and
how much damage it could do. Thanks!...
On 26 Jan 2004 at 1:09, Rafael Faura wrote:
>
> [...]
>
> 211.226.89.189 - - [25/Jan/2004:21:19:18 +0100] "GET
> /scripts/nsiislog.dll" 404 -
>
> [...]
>
>
> That's seems like an IIS (Microsoft Internet Information Services, the
> Microsoft Webserver) scanner scanning for possible
> vulnerabilities/exploits into your server. The '404' at the end of
> your line is one of the HTTP error codes that means 'file not found'
> (the scanner can't find the requested file).
>
> You'll probably see, with the time, more lines into your log files,
> lines like:
>
> xxx.xxx.xxx.xxx - - [08/Jan/2004:18:04:02 +0100] "get
> /scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0
> %af/wi nnt/system32/cmd.exe?/c%20dir" 501
>
> xxx.xxx.xxx.xxx - - [16/Jan/2004:00:05:03 +0100] "GET
> /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
>
> ... and so on.
>
>
> Near 100% of those scanners or 'exploits' attempts only works on IIS
> (thanks to the **big security holes** that IIS 4, IIS 5 & IIS 6 had -
> or still have, who knows). From my small and little experience Apache
> is free of them.
>
>
>
> -----------------------------
> Rafael Faura Cucalón
> Web Developer
> rfaura@bassy.net
>
> Bassy Servicios Informáticos
> http://www.bassy.net
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project. See <URL:http://httpd.apache.org/userslist.html> for more
> info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org For
> additional commands, e-mail: users-help@httpd.apache.org
>
--
Ha en bra dag - Vsego horoshego - Have a nice day,
Frederik M. Balster-Philips van Buren
fbalster@batraco.se
fmbalster@hotmail.com
fmbalster@yahoo.com
ICQ: 13588283
Phone/Fax: +46 (0)36-65803
-----------------------------------------------------------
Thought for the day:
Intuition: an uncanny sixth sense which tells people
that they are right, whether they are or not.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] some questions...
Posted by Rafael Faura <rf...@bassy.net>.
[...]
211.226.89.189 - - [25/Jan/2004:21:19:18 +0100] "GET
/scripts/nsiislog.dll" 404 -
[...]
That's seems like an IIS (Microsoft Internet Information Services, the
Microsoft Webserver) scanner scanning for possible vulnerabilities/exploits
into your server. The '404' at the end of your line is one of the HTTP error
codes that means 'file not found' (the scanner can't find the requested
file).
You'll probably see, with the time, more lines into your log files, lines
like:
xxx.xxx.xxx.xxx - - [08/Jan/2004:18:04:02 +0100] "get
/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/wi
nnt/system32/cmd.exe?/c%20dir" 501
xxx.xxx.xxx.xxx - - [16/Jan/2004:00:05:03 +0100] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
... and so on.
Near 100% of those scanners or 'exploits' attempts only works on IIS (thanks
to the **big security holes** that IIS 4, IIS 5 & IIS 6 had - or still have,
who knows). From my small and little experience Apache is free of them.
-----------------------------
Rafael Faura Cucalón
Web Developer
rfaura@bassy.net
Bassy Servicios Informáticos
http://www.bassy.net
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org