You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Sparky Kopetzky <sp...@blackmesa-isp.net> on 2003/04/20 18:53:01 UTC

[users@httpd] Access_log question

I'm getting a lot of IP addresses that are not on our network in the
access_logs and they are mostly 404 errors. Is someone trying to hack into
our machine??

Robin Kopetzky
Black Mesa Internet Services


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Access_log question

Posted by Dark Origin <da...@w00p.dk>.

Hello Sparky,

Sunday, April 20, 2003, 6:53:01 PM, you wrote:

SK> I'm getting a lot of IP addresses that are not on our network in the
SK> access_logs and they are mostly 404 errors. Is someone trying to hack into
SK> our machine??

SK> Robin Kopetzky
SK> Black Mesa Internet Services


SK> ---------------------------------------------------------------------
SK> The official User-To-User support forum of the Apache HTTP Server Project.
SK> See <URL:http://httpd.apache.org/userslist.html> for more info.
SK> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
SK>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
SK> For additional commands, e-mail: users-help@httpd.apache.org

              I have the same problem. My guess is that it is a virus.
              The users I have in my access/error logs are from a
              variety of IPs, though all of the same "type". Check to
              see if a webserver is located on port 80 or 8080 (maybe
              even 8000) and if there is one then see if you can't
              send an email to the admin of that server, informing
              her/him that s/he might have virus.
              Usually its a virus that tries to breach your httpd or
              your SQL server and therefrom reproduce.

-- 
Best regards,
 Dark
admin at w00p.dk



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Access_log question

Posted by Tim Wort <ti...@pobox.com>.

You might include an example of the log output.

This is an example of a successful fetch of the file  "foobar.gif"
includes the source IP address and the size, 200 is sucessful.

If it was a 400 number it failed. It doesn't indicate a hack just a
attempt to fetch a file/page that wasn't there.

205.188.209.14 - - [20/Apr/2003:09:13:12
-0600] "GET /path/from/docroot/foobar.gif HTTP/1.0" 200 814

Are the requests in question similar to this?




On Sun, 20 Apr 2003, Sparky Kopetzky wrote:

> I'm getting a lot of IP addresses that are not on our network in the
> access_logs and they are mostly 404 errors. Is someone trying to hack into
> our machine??
>
> Robin Kopetzky
> Black Mesa Internet Services
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=        Inkling Research Inc.      =
=    Tim.Wort@InklingResearch.com   =
=        Tim.Wort@pobox.com         =
=                                   =
=        Eschew Obfuscation         =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org