You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Carrie Salazar <sa...@nature.berkeley.edu> on 2002/09/13 04:35:09 UTC

[users@httpd] Re: httpd-access.log query

Since you use Apache & getting 404 errors they are nothing really 
to worry about since they are just infected computers scanning in 
attempts to exploit IIS/Window$ machines.  The only damage to 
Apache is all these flooded log files.  If you want to spare
your log files you can try putting some lines in your config
file to redirect ALL of them to trash (or to Microsoft ;).
--
carrie s.

>Date: Fri, 13 Sep 2002 10:21:09 +1000
> To: <us...@httpd.apache.org>
> From: "Doug Young" <do...@brizzie.org>
> Subject: httpd-access.log query
> Message-ID: <21...@oracle>
> 
> Been getting HEAPS of messages like these in httpd-access.log lately ....
> assume the
> script kiddies at play again ... not that those commands won't help them
> much on a unix
> system. I've been firewall the offending IPs but wonder if there is a better
> remedy.
> 
> Any suggestions / comments ??
> 
> 203.51.185.233 - - [13/Sep/2002:04:02:05 +1000] "GET
> /scripts/root.exe?/c+dir HTTP/1.0" 404 278 "-" "-"
> 203.51.185.233 - - [13/Sep/2002:04:02:06 +1000] "GET /MSADC/root.exe?/c+dir
> HTTP/1.0" 404 276 "-" "-"
> 203.51.185.233 - - [13/Sep/2002:04:02:07 +1000] "GET
> /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286 "
> 203.51.185.233 - - [13/Sep/2002:04:02:07 +1000] "GET
...ad nauseum

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] ".k" as a php parsed extension

Posted by Hendrik Daldrup <ap...@ring-wraith.com>.

Hi,

i am trying to run ".k" files on my server, which are actually ".php" files.
However,

AddType application/x-httpd-php .k .test .e

in httpd.conf doesn't work at all.
".test" and ".e" files are parsed, but ".k" files are offered for download.
Is this some kind of reserved extension?
I also wasn't able to find any other set ".k" file extension in my 
apache config file, so i am kind of lost here.

Regards,
Hendrik


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Re: httpd-access.log query

Posted by "J. Greenlees" <ja...@shaw.ca>.

yup, the root.exe is nimda and the cmd.exe is codered
getting a lot of them, from my isp's machines.
I just send them a new 5MB log file every couple of days reminding them 
they are infected.

though I LIKE the idea of sending the requests to microsoft. ):-)

Carrie Salazar wrote:
> Since you use Apache & getting 404 errors they are nothing really 
> to worry about since they are just infected computers scanning in 
> attempts to exploit IIS/Window$ machines.  The only damage to 
> Apache is all these flooded log files.  If you want to spare
> your log files you can try putting some lines in your config
> file to redirect ALL of them to trash (or to Microsoft ;).
> --
> carrie s.
> 
> 
>>Date: Fri, 13 Sep 2002 10:21:09 +1000
>>To: <us...@httpd.apache.org>
>>From: "Doug Young" <do...@brizzie.org>
>>Subject: httpd-access.log query
>>Message-ID: <21...@oracle>
>>
>>Been getting HEAPS of messages like these in httpd-access.log lately ....
>>assume the
>>script kiddies at play again ... not that those commands won't help them
>>much on a unix
>>system. I've been firewall the offending IPs but wonder if there is a better
>>remedy.
>>
>>Any suggestions / comments ??
>>
>>203.51.185.233 - - [13/Sep/2002:04:02:05 +1000] "GET
>>/scripts/root.exe?/c+dir HTTP/1.0" 404 278 "-" "-"
>>203.51.185.233 - - [13/Sep/2002:04:02:06 +1000] "GET /MSADC/root.exe?/c+dir
>>HTTP/1.0" 404 276 "-" "-"
>>203.51.185.233 - - [13/Sep/2002:04:02:07 +1000] "GET
>>/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286 "
>>203.51.185.233 - - [13/Sep/2002:04:02:07 +1000] "GET
>>
> ...ad nauseum
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org