You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Michael Klama <no...@tampabay.rr.com> on 2002/12/16 13:49:28 UTC

[users@httpd] Access Logs

Can anyone tell me what the following line in my access logs means?  It
has showed up about 100 times already this morning.  

GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c-dir HTTP/1.0 404
293

Also is there a man or how-to on reading the access logs or configuring
the access logs?

Thanks for the help

Mike



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Access Logs

Posted by Marco Berizzi <pu...@hotmail.com>.

----- Original Message -----
From: "Michael Klama" <no...@tampabay.rr.com>
Subject: [users@httpd] Access Logs


> Can anyone tell me what the following line in my access logs means?
It
> has showed up about 100 times already this morning.
>
> GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c-dir HTTP/1.0 404
> 293

Probably your web server is probed by the nimda worm.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] Access Logs

Posted by Michael Klama <no...@tampabay.rr.com>.

None of the entries have anything but code 404 up to this point.  Is
there a man page or how-to on reading access logs?

Mike

-----Original Message-----
From: Ylva Gavel [mailto:ylva.gavel@kib.ki.se] 
Sent: Monday, December 16, 2002 7:57 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Access Logs

This an attempted attack at your system (by the Red Code
virus, Nimda or something like that). The return code 404
means that the attempt was unsuccessful. Normally, attacks
like this are harmless unless they consume too much bandwidth.
However, if any weird GET command should return the
code 200, there is a reason for concern.

Regards,

           Ylva

Michael Klama wrote:

> Can anyone tell me what the following line in my access logs means?
It
> has showed up about 100 times already this morning.  
> 
> GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c-dir HTTP/1.0 404
> 293
> 
> Also is there a man or how-to on reading the access logs or
configuring
> the access logs?
> 
> Thanks for the help
> 
> Mike
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Access Logs

Posted by Ylva Gavel <yl...@kib.ki.se>.

This an attempted attack at your system (by the Red Code
virus, Nimda or something like that). The return code 404
means that the attempt was unsuccessful. Normally, attacks
like this are harmless unless they consume too much bandwidth.
However, if any weird GET command should return the
code 200, there is a reason for concern.

Regards,

           Ylva

Michael Klama wrote:

> Can anyone tell me what the following line in my access logs means?  It
> has showed up about 100 times already this morning.  
> 
> GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c-dir HTTP/1.0 404
> 293
> 
> Also is there a man or how-to on reading the access logs or configuring
> the access logs?
> 
> Thanks for the help
> 
> Mike
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org