Linux Security - View topic - error log file in Apache

It is currently Mon, 20 May 2013 05:55:02 GMT

error log file in Apache

Author	Message
Michael Thor #1 / 8	error log file in Apache I have the default test page (index.html) on my RH 7 Apache webserver. The day I started httpd and opened port 80 I've been getting miles of logs. I've included a clip below. Can someone tell me what this is and why this is happening? I've included just this one IP but I get plenty of other IPs. It looks to me like they are trying to gain access to t winnt server running Apache and trying to bring up a dos prompt. Is there something I can do to find who is doing this and why? I believe 24 dot is tampabay.rr.com Thanks for your help, --Michael- Snip is below [Tue Apr 16 15:28:26 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/scripts/root.exe [Tue Apr 16 15:28:26 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/MSADC/root.exe [Tue Apr 16 15:28:26 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/c/winnt/system32/cmd.exe [Tue Apr 16 15:28:27 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/d/winnt/system32/cmd.exe [Tue Apr 16 15:28:27 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/scripts/..%5c../winnt/system32/cmd.exe [Tue Apr 16 15:28:27 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe [Tue Apr 16 15:28:27 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe [Tue Apr 16 15:28:27 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/msadc/..%5c../..%5c../..%5c/..../..../..../winnt/system32/c md.exe [Tue Apr 16 15:28:28 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/scripts/..../winnt/system32/cmd.exe [Tue Apr 16 15:28:28 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/scripts/..../winnt/system32/cmd.exe [Tue Apr 16 15:28:28 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/scripts/..../winnt/system32/cmd.exe [Tue Apr 16 15:28:29 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/scripts/..%5c../winnt/system32/cmd.exe [Tue Apr 16 15:28:29 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/scripts/..%2f../winnt/system32/cmd.exe [Tue Apr 16 17:33:20 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/scripts/root.exe [Tue Apr 16 17:33:20 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/MSADC/root.exe [Tue Apr 16 17:33:20 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/c/winnt/system32/cmd.exe [Tue Apr 16 17:33:20 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/d/winnt/system32/cmd.exe [Tue Apr 16 17:33:20 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/scripts/..%5c../winnt/system32/cmd.exe [Tue Apr 16 17:33:21 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe [Tue Apr 16 17:33:21 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe [Tue Apr 16 17:33:21 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/msadc/..%5c../..%5c../..%5c/..../..../..../winnt/system32/c md.exe [Tue Apr 16 17:33:21 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/scripts/..../winnt/system32/cmd.exe [Tue Apr 16 17:33:21 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/scripts/..../winnt/system32/cmd.exe [Tue Apr 16 17:33:22 2002] [error] [client 24.94.96.6] File does not exist: /var/www/html/scripts/..../winnt/system32/cmd.exe
Mon, 04 Oct 2004 02:38:42 GMT

Shaolin Tige #2 / 8	error log file in Apache news:Sijv8.38052$8W5.23662@nwrddc02.gnilink.net... <snip> Code red and Nimda. sigh I thought people would know about this by now :) Regards Shaolin 24. is generally @home.
Mon, 04 Oct 2004 05:28:54 GMT

Michael Thor #3 / 8	error log file in Apache Well, I did figure it may be code red. Should I do anything about it? Thanks again, --Michael- news:3cbde8dc_3@news2.vip.uk.com...
Mon, 04 Oct 2004 05:55:58 GMT

Johann Burkar #4 / 8	error log file in Apache No, unless you are using IIS. Please don't top post. Johann -- Du bist ein Hightraffic Regular. Lasse die Jugendlichen sich entwickeln, das wird dir jeder faire Vater sagen. Ich habe dir einige Beispiele gegeben, deine Elite aufzubauen. Das ist aber genau das deja vue in vielen anderen Gruppen. Leistungsgesellschaft! (*T?nnes in dsnu)
Mon, 04 Oct 2004 06:17:50 GMT

Nico Kadel-Garci #5 / 8	error log file in Apache news:3CBDF48E.8090907@nebel.org... Hmm. Someone posted notes on how to tell Apache to mod_rewrite the Code Red requests to go back to the sender, and let them circle jerk themselves. Does anyone have that? I could use it now....
Tue, 05 Oct 2004 10:06:37 GMT

Kasper Dupon #6 / 8	error log file in Apache What good would that do? -- Kasper Dupont -- der bruger for meget tid p? usenet. For sending spam use mailto:razor-rep...@daimi.au.dk
Tue, 05 Oct 2004 19:34:50 GMT

Nico Kadel-Garci #7 / 8	error log file in Apache news:3CC000DA.CD9E1A04@daimi.au.dk... 1: It stops the errors from showing up in your log files, instead it shows up in theirs. 2: Since they're already infected and sneezing their little viruses everywhere, it lets them suffer the bandwidth hit and thrashing of re-infecting themselves rather than bothering us. 3: It's particularly fun to do to sites that are probing you themselves, as their probers rarely talk to the people that do their web monitoring, and watch them thrash as you introduce them to each other.
Wed, 06 Oct 2004 10:09:13 GMT

Kasper Dupon #8 / 8	error log file in Apache There are other ways to achieve that. Did you actually verify that, or are you just guesing? How would that make them stop using your bandwidth? And how would you make them attack themselves? Are you trying to redirect them to another URL? I tried redirecting some of the CodeRed attacks to another URL on the same server. The redirections were simply ignored. What can you do when they ignore your answer? Have you actually watched that? -- Kasper Dupont -- der bruger for meget tid p? usenet. For sending spam use mailto:razor-rep...@daimi.au.dk
Wed, 06 Oct 2004 19:52:51 GMT

Page 1 of 1

[ 8 post ]

2. Apache 1.2.3: fopen: Error 0: could not open error log file

3. Apache - need Referer for error log file

4. Apache Log/Error file archiver ?

5. Apache error logs to more than one file.

6. Apache 1.3 FreeBSD and MMap in error log file

7. apache 1.30: error in log files, possible bug?

8. Apache 1.3b3 NT 4 -- Error Log and Moved files

9. Apache 1.3.12 access.log logging error

10. Apache logging virtual hosts in one log file

error log file in Apache

Similar Threads