Posted to users@httpd.apache.org by Arun kumar R <ra...@yahoo.com> on 2003/01/10 02:58:11 UTC

[users@httpd] data in the error log file

I am having the below listed type of messages in my
log files daily. I am blocking some IP addresses but
they are coming with new IP addresses again. Can anyone
help me understand what they are trying to do and
how to restrict them.

67.2.46.255 - - [09/Jan/2003:09:43:25 -0800] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
 HTTP/1.0" 400 309 "-" "-"
65.70.33.186 - - [09/Jan/2003:10:53:28 -0800] "GET
/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir"
404 1079 "-" "-"
66.236.93.67 - - [09/Jan/2003:11:38:38 -0800] "GET
/sumthin HTTP/1.0" 404 1079 "-" "-"

Regards
Arun


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] data in the error log file

Posted by Dennis Veatch <dv...@woh.rr.com>.
It is servers (Windows with IIS) infected with Codered worm looking for other 
like servers. See this link for info:
 http://www.apacheweek.com/features/codered
>
> 67.2.46.255 - - [09/Jan/2003:09:43:25 -0800] "GET
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>NNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3
>%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> HTTP/1.0" 400 309 "-" "-"
> 65.70.33.186 - - [09/Jan/2003:10:53:28 -0800] "GET
> /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir"
> 404 1079 "-" "-"
> 66.236.93.67 - - [09/Jan/2003:11:38:38 -0800] "GET
> /sumthin HTTP/1.0" 404 1079 "-" "-"
>
> Regards
> Arun
>

-- 
Registered Linux User - 193414

"Windows: A thirty-two bit extension and graphical shell to a sixteen-bit 
patch to an eight-bit operating system originally coded for a four-bit 
microprocessor which was written by a two-bit company that can't stand one 
bit of competition." -- Jargon File Resources.


Sig for OSS: Never be afraid to try something yourself, remember amateurs 
built the Ark, professionals built the Titanic.



Re: [users@httpd] data in the error log file

Posted by Dennis Veatch <dv...@woh.rr.com>.

Yes


> msg Friday 10 January 2003 17:02 by Jacob Coby:
> > >/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> > >NN N
> >
> > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >NN N
> > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >NN N
> > NNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
> >bd 3
> > %u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
>
> I have this nimda variant too in the log file;
> but my access_log shows actually some new kind of attack:
> 217.80.107.136 - - [10/Jan/2003:21:20:04 +0100] "�" 501 - "-" "-"
> 212.202.178.140 - - [10/Jan/2003:21:34:48 +0100] "�" 501 - "-" "-"
> 217.80.107.136 - - [10/Jan/2003:21:35:19 +0100] "�" 501 - "-" "-"
> 137.194.36.1 - - [10/Jan/2003:21:49:08 +0100] "�" 501 - "-" "-"
> 217.80.107.136 - - [10/Jan/2003:21:50:18 +0100] "�" 501 - "-" "-"
> 217.225.31.42 - - [10/Jan/2003:21:52:49 +0100] "�" 501 - "-" "-"
> 139.19.2.50 - - [10/Jan/2003:21:55:48 +0100] "�" 501 - "-" "-"
> 217.80.107.136 - - [10/Jan/2003:22:05:17 +0100] "�" 501 - "-" "-"
> 217.80.107.136 - - [10/Jan/2003:22:20:08 +0100] "�" 501 - "-" "-"
> 62.46.63.175 - - [10/Jan/2003:22:32:12 +0100] "�" 501 - "-" "-"
> 217.80.107.136 - - [10/Jan/2003:22:35:15 +0100] "�" 501 - "-" "-"
> 217.80.107.136 - - [10/Jan/2003:22:50:08 +0100] "�" 501 - "-" "-"
>
> and the corresponding error_log
> [Fri Jan 10 21:20:04 2003] [error] [client 217.80.107.136] Invalid method
> in request �
> [Fri Jan 10 21:34:48 2003] [error] [client 212.202.178.140] Invalid method
> in request �
> [Fri Jan 10 21:35:19 2003] [error] [client 217.80.107.136] Invalid method
> in request �
> [Fri Jan 10 21:49:08 2003] [error] [client 137.194.36.1] Invalid method in
> request �
> [Fri Jan 10 21:50:18 2003] [error] [client 217.80.107.136] Invalid method
> in request �
> [Fri Jan 10 21:52:49 2003] [error] [client 217.225.31.42] Invalid method in
> request �
> [Fri Jan 10 21:55:48 2003] [error] [client 139.19.2.50] Invalid method in
> request �
> [Fri Jan 10 22:05:17 2003] [error] [client 217.80.107.136] Invalid method
> in request �
> [Fri Jan 10 22:20:08 2003] [error] [client 217.80.107.136] Invalid method
> in request �
> [Fri Jan 10 22:32:12 2003] [error] [client 62.46.63.175] Invalid method in
> request �
> [Fri Jan 10 22:35:15 2003] [error] [client 217.80.107.136] Invalid method
> in request �
> [Fri Jan 10 22:50:08 2003] [error] [client 217.80.107.136] Invalid method
> in request �
> [Fri Jan 10 22:57:25 2003] [error] [client 217.230.31.250] Invalid method
> in request �
>
> has anyone else seen this?
> Regards



Re: [users@httpd] data in the error log file

Posted by Jacob Coby <jc...@listingbook.com>.
> I have this nimda variant too in the log file;
> but my access_log shows actually some new kind of attack:
> 217.80.107.136 - - [10/Jan/2003:21:20:04 +0100] "�" 501 - "-" "-"
> request �
> [Fri Jan 10 22:57:25 2003] [error] [client 217.230.31.250] Invalid method in
> has anyone else seen this?
> Regards

That's the Slapper worm trying to exploit an SSL bug found in OpenSSL <
0.9.6g.

-Jacob




Re: [users@httpd] data in the error log file

Posted by "i.t" <i....@ithum.de>.
msg Friday 10 January 2003 17:02 by Jacob Coby:
> >/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >N
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>N
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>N
> NNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd
>3 %u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a

I have this nimda variant too in the log file;
but my access_log shows actually some new kind of attack:
217.80.107.136 - - [10/Jan/2003:21:20:04 +0100] "�" 501 - "-" "-"
212.202.178.140 - - [10/Jan/2003:21:34:48 +0100] "�" 501 - "-" "-"
217.80.107.136 - - [10/Jan/2003:21:35:19 +0100] "�" 501 - "-" "-"
137.194.36.1 - - [10/Jan/2003:21:49:08 +0100] "�" 501 - "-" "-"
217.80.107.136 - - [10/Jan/2003:21:50:18 +0100] "�" 501 - "-" "-"
217.225.31.42 - - [10/Jan/2003:21:52:49 +0100] "�" 501 - "-" "-"
139.19.2.50 - - [10/Jan/2003:21:55:48 +0100] "�" 501 - "-" "-"
217.80.107.136 - - [10/Jan/2003:22:05:17 +0100] "�" 501 - "-" "-"
217.80.107.136 - - [10/Jan/2003:22:20:08 +0100] "�" 501 - "-" "-"
62.46.63.175 - - [10/Jan/2003:22:32:12 +0100] "�" 501 - "-" "-"
217.80.107.136 - - [10/Jan/2003:22:35:15 +0100] "�" 501 - "-" "-"
217.80.107.136 - - [10/Jan/2003:22:50:08 +0100] "�" 501 - "-" "-"

and the corresponding error_log
[Fri Jan 10 21:20:04 2003] [error] [client 217.80.107.136] Invalid method in 
request �
[Fri Jan 10 21:34:48 2003] [error] [client 212.202.178.140] Invalid method in 
request �
[Fri Jan 10 21:35:19 2003] [error] [client 217.80.107.136] Invalid method in 
request �
[Fri Jan 10 21:49:08 2003] [error] [client 137.194.36.1] Invalid method in 
request �
[Fri Jan 10 21:50:18 2003] [error] [client 217.80.107.136] Invalid method in 
request �
[Fri Jan 10 21:52:49 2003] [error] [client 217.225.31.42] Invalid method in 
request �
[Fri Jan 10 21:55:48 2003] [error] [client 139.19.2.50] Invalid method in 
request �
[Fri Jan 10 22:05:17 2003] [error] [client 217.80.107.136] Invalid method in 
request �
[Fri Jan 10 22:20:08 2003] [error] [client 217.80.107.136] Invalid method in 
request �
[Fri Jan 10 22:32:12 2003] [error] [client 62.46.63.175] Invalid method in 
request �
[Fri Jan 10 22:35:15 2003] [error] [client 217.80.107.136] Invalid method in 
request �
[Fri Jan 10 22:50:08 2003] [error] [client 217.80.107.136] Invalid method in 
request �
[Fri Jan 10 22:57:25 2003] [error] [client 217.230.31.250] Invalid method in 
request �

has anyone else seen this?
Regards

-- 
 . ___
 |  |  Irmund     Thum
 |  |  




Re: [users@httpd] data in the error log file

Posted by Jacob Coby <jc...@listingbook.com>.
>  The third is ???

Fishing for the server type.  It's usually easier to look for a 404 file to
get the server version than it is to do a telnet 80 and HEAD / HTTP/1.0 :)

What the person was going to do with that info, who knows.  Maybe they were
looking for an IIS or PWS server to take over and launch an attack against
some other server or servers.

Or maybe they just liked the website and were curious what it was running.

> >67.2.46.255 - - [09/Jan/2003:09:43:25 -0800] "GET
>
>/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3
%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> > HTTP/1.0" 400 309 "-" "-"
> >65.70.33.186 - - [09/Jan/2003:10:53:28 -0800] "GET
> >/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir"
> >404 1079 "-" "-"
> >66.236.93.67 - - [09/Jan/2003:11:38:38 -0800] "GET
> >/sumthin HTTP/1.0" 404 1079 "-" "-"





Re: [users@httpd] data in the error log file

Posted by Dennis Veatch <dv...@woh.rr.com>.
On Thursday 09 January 2003 09:07 pm, Thomas Bolioli wrote:
> Be glad you run Apache ;-)

Yeah, ain't that the truth. Several days ago I opened port 80 so a friend could 
test my connection. You know it was not hardly 24 hours and I started seeing 
the very same thing in my access.log. I too was concerned, esp. when I noticed 
entries like /scripts/........./winnt/system32/cmd.exe and there were a lot 
of those type entries. Well being a linux box I thought that odd. So googled 
around and found that it was code red and chuckled to myself that I had no 
worries.

> >
> >67.2.46.255 - - [09/Jan/2003:09:43:25 -0800] "GET
> >/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >NNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u685
> >8%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%
> >u00=a HTTP/1.0" 400 309 "-" "-"
> >65.70.33.186 - - [09/Jan/2003:10:53:28 -0800] "GET
> >/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir"
> >404 1079 "-" "-"
> >66.236.93.67 - - [09/Jan/2003:11:38:38 -0800] "GET
> >/sumthin HTTP/1.0" 404 1079 "-" "-"
> >



Re: [users@httpd] data in the error log file

Posted by Thomas Bolioli <in...@terranovum.com>.
Be glad you run Apache ;-)
The first two are IIS cracks (virii) and will only infect unpatched Win 
NT based IIS installations. One is Code Red et al. The second is a 
common one of origin I do not know. The third is ???
Tom

Arun kumar R wrote:

>I am having the below listed type of messages in my
>log files daily. I am blocking some IP addresses but
>they are coming with new IP addresses again. Can anyone
>help me understand what they are trying to do and
>how to restrict them.
>
>67.2.46.255 - - [09/Jan/2003:09:43:25 -0800] "GET
>/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> HTTP/1.0" 400 309 "-" "-"
>65.70.33.186 - - [09/Jan/2003:10:53:28 -0800] "GET
>/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir"
>404 1079 "-" "-"
>66.236.93.67 - - [09/Jan/2003:11:38:38 -0800] "GET
>/sumthin HTTP/1.0" 404 1079 "-" "-"
>
>Regards
>Arun
>

-- 
-----------------------------------------------------
Terra Novum Research
info@terranovum.com
www.terranovum.com
(617) 923-4132

PO Box 362
Watertown, MA 02471-0362

"If Tyranny and Oppression come to this land, 
it will be in the guise of fighting a foreign enemy." 
	-- James Madison, as a United States Congressman





Re: [users@httpd] data in the error log file

Posted by Gary Turner <kk...@sbcglobal.net>.
Arun kumar R wrote:

First, it is better to start a new message thread than to 'reply' to an
existing thread and change the subject.  Many of the better MUAs thread
by message reference IDs, not subject line.

>I am having the below listed type of messages in my
>log files daily. I am blocking some IP addresses but
>they are coming with new IP addresses again.

The attacks come from random infected systems.  It is unlikely that you
will see any one IP a second time.

>Can anyone
>help me understand what they are trying to do and
>how to restrict them.
>
>67.2.46.255 - - [09/Jan/2003:09:43:25 -0800] "GET
>/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> HTTP/1.0" 400 309 "-" "-"

This is the code red worm.  For more info, see:

	http://www.cert.org/advisories/CA-2001-23.html

>65.70.33.186 - - [09/Jan/2003:10:53:28 -0800] "GET
>/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir"
>404 1079 "-" "-"

This is the Nimda worm.  For more info, see:

	http://www.cert.org/advisories/CA-2001-26.html

>66.236.93.67 - - [09/Jan/2003:11:38:38 -0800] "GET
>/sumthin HTTP/1.0" 404 1079 "-" "-"

This is WTF.  In other words, not a clue :)  It does not appear to be
malicious, or other than a bad URL or fishing expedition.

The hosts making these requests are not the bad guys, they're just
clueless.  If I have a few minutes, I'll send an email, including log
excerpt, to the host or its ISP.  I cc: my own ISP.  Not enough energy
in the world to help all the folks running MS security jokes.
--
gt                  kk5st@sbcglobal.net
 If someone tells you---
 "I have a sense of humor, but that's not funny." 
                                  ---they don't.
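
The request patterns identified in this thread (Code Red, Nimda, the 501 "Invalid method" entries, and the stray 404) can be tallied by signature rather than by source IP. The following is an added example, not code from any poster or from the Apache project; the labels, function names and sample lines (documentation-range IPs, arbitrary filler length) are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format. The request field is matched loosely because worm
# traffic may omit the protocol version or not be HTTP at all.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*?)" (\d{3}) (\S+)')
REQUEST_RE = re.compile(r'^([A-Z]+) (\S+)(?: HTTP/\d\.\d)?$')

def parse_line(line):
    """Return ip/time/request/status for one access_log line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, when, request, status, _size = m.groups()
    return {"ip": ip, "time": when, "request": request, "status": int(status)}

def classify(entry):
    """Label an entry by request pattern (labels are this example's own)."""
    m = REQUEST_RE.match(entry["request"])
    if not m:
        # error_log shows "Invalid method in request" for these; status is 501.
        return "invalid-method" if entry["status"] == 501 else "malformed"
    path = m.group(2)
    if path.lower().startswith("/default.ida?") and "%u" in path:
        return "code-red"
    # Decode twice so %255c -> %5c -> backslash, then normalise separators.
    decoded = unquote(unquote(path)).replace("\\", "/").lower()
    if "../" in decoded and "cmd.exe" in decoded:
        return "nimda-traversal"
    return "other-404" if entry["status"] == 404 else "normal"

def summarize(lines):
    """Count hits and distinct source IPs per label."""
    hits, sources = defaultdict(int), defaultdict(set)
    for line in lines:
        entry = parse_line(line)
        label = classify(entry) if entry else "unparsed"
        hits[label] += 1
        if entry:
            sources[label].add(entry["ip"])
    return {k: {"hits": hits[k], "sources": sorted(sources[k])} for k in hits}

# Constructed sample lines modelled on the thread (not the posters' data).
SAMPLE = [
    '192.0.2.10 - - [09/Jan/2003:09:43:25 -0800] "GET /default.ida?'
    + "N" * 200 + '%u9090%u6858%ucbd3%u7801%u00=a HTTP/1.0" 400 309 "-" "-"',
    '192.0.2.20 - - [09/Jan/2003:10:53:28 -0800] '
    '"GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 1079 "-" "-"',
    '192.0.2.30 - - [09/Jan/2003:11:38:38 -0800] "GET /sumthin HTTP/1.0" 404 1079 "-" "-"',
    '192.0.2.40 - - [10/Jan/2003:21:20:04 +0100] "\ufffd" 501 - "-" "-"',
    '192.0.2.41 - - [10/Jan/2003:21:34:48 +0100] "\ufffd" 501 - "-" "-"',
    '192.0.2.50 - - [10/Jan/2003:21:40:00 +0100] "GET /index.html HTTP/1.0" 200 1456 "-" "-"',
]

if __name__ == "__main__":
    for label, info in sorted(summarize(SAMPLE).items()):
        print(f"{label:16} hits={info['hits']} sources={info['sources']}")
```

Grouping by pattern keeps the count meaningful even when every hit arrives from a different address, which is the situation the original poster ran into when blocking individual IPs.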
