Re: Gotta love the server access logs!

From: CJ (
Date: 04/11/02

From: "CJ" <>
Date: Thu, 11 Apr 2002 15:44:32 GMT

"Bob Ceculski" <> wrote in message
> Corey Shields <> wrote in message
> > In a short answer, I wouldn't worry about them.. I frequently grep my logs
> > for IIS-type requests from worms like Nimda and such, and when they first
> > started out I was getting hit thousands of times a day with attempts like
> > you are seeing. Sit back and smile remembering that you were smart enough
> > to choose Apache. :)
> >
> > Apparently IIS worms are much easier to write and implement than anything
> > for Apache, or we would see a lot more of that around. If you want tighter

IIS tends to be a target simply because it is so much more difficult to patch. A
secure IIS server is pretty good (much as it pains me to say it) but most of
them out there are out-of-the-box monstrosities.

Don't worry about these Nimda-type requests. In a way, they are quite good
because the more time Nimda sits there trying to probe an Apache server, the
less time it is actually doing damage.

> > security, a good URL I could refer you to would be:
> >
> >
> >
> > it just has a few tips to tighten up your Apache server
> >
> > Good luck!
> >
> > --Corey
> but Apache is not immune to hacks ... check the certs advisories ... and
> what about ip hacks? linux/unix/windoze are the worst platforms to
> "relax" on! you can only relax if you run on OpenVMS ...



Year 2000 never bothered me.
It's year 65536 that I'm worried about
H4x0R : I'm way cooler than you! I got 40 scrypts that can kill yer machine
sysop : Heh! Yeah right!
w33n3r: Yeah. I can nail you from here man ... gimme your ip and you're toast!
l4m3rz: Yeah .. we rock .. we're gonna fry your machine
sysop : Ok, I dare ya ... My ip is
H4x0R : ##Disconnected##
w33n3r: ##Disconnected##
l4m3rz: ##Disconnected##
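
The log check mentioned in the quoted reply (grepping Apache access logs for IIS-type worm requests), as an added example that is not part of the original thread. The log lines are constructed, the request patterns are the commonly seen Nimda/Code Red targets rather than anything listed in the posts, and treating a non-4xx answer as worth a look is an assumption of this example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD target proto" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:[A-Z]+) (\S+)[^"]*" (\d{3}) ')

# Request targets typical of IIS worm probes (cmd.exe, root.exe, .ida handler).
PROBE_RE = re.compile(r'cmd\.exe|root\.exe|\.ida(?:\?|$)', re.IGNORECASE)

# Constructed sample lines using documentation addresses, not a real log.
SAMPLE_LOG = """\
192.0.2.10 - - [11/Apr/2002:15:01:02 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
192.0.2.10 - - [11/Apr/2002:15:01:03 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [11/Apr/2002:15:02:10 +0000] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 272
203.0.113.5 - - [11/Apr/2002:15:03:00 +0000] "GET /index.html HTTP/1.1" 200 1043
198.51.100.7 - - [11/Apr/2002:15:04:00 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 512
"""

def is_probe(target):
    """True if the request target looks like an IIS worm probe."""
    # Decode twice so double-encoded targets are also matched in decoded form.
    decoded = unquote(unquote(target))
    return bool(PROBE_RE.search(target) or PROBE_RE.search(decoded))

def summarize(log_text):
    """Return (probe count per client, probes that did not get a 4xx answer)."""
    hits = Counter()
    answered = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        host, target, status = m.groups()
        if is_probe(target):
            hits[host] += 1
            # On Apache these should be 4xx; anything else deserves a look.
            if not status.startswith("4"):
                answered.append((host, target, status))
    return hits, answered

if __name__ == "__main__":
    hits, answered = summarize(SAMPLE_LOG)
    for host, count in hits.most_common():
        print(f"{host}: {count} probe(s)")
    for host, target, status in answered:
        print(f"CHECK: {host} got {status} for {target}")
```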