Re: Interesting Apache logs

From: Clark (clzahn@mindspring.com)
Date: 03/25/02


    From: Clark <clzahn@mindspring.com>
    Date: Sun, 24 Mar 2002 19:39:51 -0800
    
    

    Brian A Crawford wrote:
    >
    > I have included a small series of Apache logs that are quite
    > interesting.
    > Can someone point me to a site where I can learn the full details of
    > what the attacker was trying to achieve?
    > I run Apache on Linux. It seems they were scanning for a Windows
    > vulnerability -- to infect with a worm?
    >
    > Thanks in advance
    >
    > Brian C.
    >
    > ------------------------------------------------------------------------------------------------------------------------------------
    >
    > [Sun Jan 27 18:58:37 2002] [error] [client xxx.222.73.218] File does
    > not exist: /var/www/htdocs/scripts/root.exe
    > [Sun Jan 27 18:58:47 2002] [error] [client xxx.222.73.218] File does
    > not exist: /var/www/htdocs/MSADC/root.exe
    > [Sun Jan 27 18:59:02 2002] [error] [client xxx.222.73.218] File does
    > not exist: /var/www/htdocs/c/winnt/system32/cmd.exe
    > [Sun Jan 27 19:00:42 2002] [error] [client xxx.222.123.236] File does
    > not exist: /var/www/htdocs/scripts/root.exe
    > [Sun Jan 27 19:00:46 2002] [error] [client xxx.222.123.236] File does
    > not exist: /var/www/htdocs/MSADC/root.exe
    > [Sun Jan 27 19:00:48 2002] [error] [client xxx.222.123.236] File does
    > not exist: /var/www/htdocs/c/winnt/system32/cmd.exe
    > [Sun Jan 27 19:00:49 2002] [error] [client xxx.222.123.236] File does
    > not exist: /var/www/htdocs/d/winnt/system32/cmd.exe
    > [Sun Jan 27 19:01:00 2002] [error] [client xxx.222.123.236] File does
    > not exist: /var/www/htdocs/scripts/..%5c../winnt/system32/cmd.exe
    > [Sun Jan 27 19:01:01 2002] [error] [client xxx.222.123.236] File does
    > not exist:
    > /var/www/htdocs/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
    >
    > [Sun Jan 27 19:53:04 2002] [error] [client xxx.222.123.236] File does
    > not exist: /var/www/htdocs/scripts/root.exe
    > [Sun Jan 27 19:53:05 2002] [error] [client xxx.222.123.236] File does
    > not exist: /var/www/htdocs/MSADC/root.exe
    > [Sun Jan 27 19:53:07 2002] [error] [client xxx.222.123.236] File does
    > not exist: /var/www/htdocs/c/winnt/system32/cmd.exe
    > [Sun Jan 27 19:53:09 2002] [error] [client xxx.222.123.236] File does
    > not exist: /var/www/htdocs/d/winnt/system32/cmd.exe
    > [Sun Jan 27 19:53:14 2002] [error] [client xxx.222.123.236] File does
    > not exist: /var/www/htdocs/scripts/..%5c../winnt/system32/cmd.exe
    > [Sun Jan 27 19:53:15 2002] [error] [client xxx.222.123.236] File does
    > not exist:
    > /var/www/htdocs/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
    > [Sun Jan 27 19:53:15 2002] [error] [client xxx.222.123.236] File does
    > not exist:
    > /var/www/htdocs/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
    > [Sun Jan 27 19:53:17 2002] [error] [client xxx.222.123.236] File does
    > not exist:
    > /var/www/htdocs/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
    > [Sun Jan 27 19:53:19 2002] [error] [client xxx.222.123.236] File does
    > not exist: /var/www/htdocs/scripts/..Á../winnt/system32/cmd.exe
    > [Sun Jan 27 19:53:21 2002] [error] [client xxx.222.123.236] File does
    > not exist: /var/www/htdocs/scripts/..À¯../winnt/system32/cmd.exe
    > [Sun Jan 27 19:53:25 2002] [error] [client xxx.222.123.236] File does
    > not exist: /var/www/htdocs/scripts/..Á../winnt/system32/cmd.exe
    > [Sun Jan 27 19:53:28 2002] [error] [client xxx.222.123.236] File does
    > not exist: /var/www/htdocs/scripts/..%5c../winnt/system32/cmd.exe
    > [Sun Jan 27 19:53:29 2002] [error] [client xxx.222.123.236] File does
    > not exist: /var/www/htdocs/scripts/..%2f../winnt/system32/cmd.exe
    >
    > -------------------------------------------------------------------------------------------------------------------------------------
    >
    > [Sat Feb 9 20:52:58 2002] [error] [client BBB.160.15.29] Client sent
    > malformed Host header
    >
    > -------------------------------------------------------------------------------------------------------------------------------------
    >
    > [Sun Mar 3 20:49:51 2002] [crit] (98)Address already in use:
    > make_sock: could not bind to port 80
    > [Sun Mar 3 21:20:28 2002] [error] [client xxx.222.6.196] File does
    > not exist: /var/www/htdocs/scripts/root.exe
    > [Sun Mar 3 21:20:36 2002] [error] [client xxx.222.6.196] File does
    > not exist: /var/www/htdocs/MSADC/root.exe
    > [Sun Mar 3 21:20:44 2002] [error] [client xxx.222.6.196] File does
    > not exist: /var/www/htdocs/c/winnt/system32/cmd.exe
    > [Sun Mar 3 21:20:51 2002] [error] [client xxx.222.6.196] File does
    > not exist: /var/www/htdocs/d/winnt/system32/cmd.exe
    > [Sun Mar 3 21:21:00 2002] [error] [client xxx.222.6.196] File does
    > not exist: /var/www/htdocs/scripts/..%5c../winnt/system32/cmd.exe
    > [Sun Mar 3 21:21:07 2002] [error] [client xxx.222.6.196] File does
    > not exist:
    > /var/www/htdocs/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
    > [Sun Mar 3 21:21:15 2002] [error] [client xxx.222.6.196] File does
    > not exist:
    > /var/www/htdocs/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
    > [Sun Mar 3 21:21:25 2002] [error] [client xxx.222.6.196] File does
    > not exist:
    > /var/www/htdocs/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
    >
    > -------------------------------------------------------------------------------------------------------------------------------------

    My business website is getting the same thing. I wonder what percentage
    of the total traffic on the internet is this sort of thing. I've been
    getting it for quite a while, and it constitutes the bulk of the
    requests to my site.

    -- 
    Clark Zahn
    Registered linux user 267087
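
An added example, not part of either post: a small Python tally of the kind of error_log entries quoted above, counting "File does not exist" requests for `root.exe` and `cmd.exe` per client and what share of client-attributed error lines they make up. The sample lines are constructed in the quoted format (unwrapped, with documentation-range addresses), and the names `classify` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Apache error_log line: [timestamp] [level] [client IP] message (client is optional)
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
    r"(?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$")
MISSING_RE = re.compile(r"File does not exist: (?P<path>\S+)")
# Windows-only targets that never exist under a Linux document root
WINDOWS_TARGET = re.compile(r"/(?:root|cmd)\.exe$", re.IGNORECASE)
# "../" with an encoded separator as logged: %5c, %2f, or raw non-ASCII bytes
TRAVERSAL = re.compile(r"\.\.(?:%5c|%2f|[^\x00-\x7f]+)", re.IGNORECASE)

# Constructed sample input; client addresses are from the 192.0.2.0/24 documentation range
SAMPLE_LOG = """\
[Sun Jan 27 18:58:37 2002] [error] [client 192.0.2.10] File does not exist: /var/www/htdocs/scripts/root.exe
[Sun Jan 27 18:59:02 2002] [error] [client 192.0.2.10] File does not exist: /var/www/htdocs/c/winnt/system32/cmd.exe
[Sun Jan 27 19:01:00 2002] [error] [client 192.0.2.20] File does not exist: /var/www/htdocs/scripts/..%5c../winnt/system32/cmd.exe
[Sun Jan 27 19:53:29 2002] [error] [client 192.0.2.20] File does not exist: /var/www/htdocs/scripts/..%2f../winnt/system32/cmd.exe
[Sun Jan 27 20:10:00 2002] [error] [client 192.0.2.30] File does not exist: /var/www/htdocs/favicon.ico
[Sat Feb 9 20:52:58 2002] [error] [client 192.0.2.40] Client sent malformed Host header
[Sun Mar 3 20:49:51 2002] [crit] (98)Address already in use: make_sock: could not bind to port 80
"""

def classify(path):
    """Return 'direct-path', 'encoded-traversal', or None for an ordinary 404."""
    if not WINDOWS_TARGET.search(path):
        return None
    return "encoded-traversal" if TRAVERSAL.search(path) else "direct-path"

def summarize(lines):
    """Count Windows-path probes per client among client-attributed error lines."""
    per_client, kinds, total = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m.group("client"):
            continue  # server-side messages such as the make_sock line
        total += 1
        missing = MISSING_RE.search(m.group("msg"))
        kind = classify(missing.group("path")) if missing else None
        if kind:
            per_client[m.group("client")] += 1
            kinds[kind] += 1
    probes = sum(kinds.values())
    return {"client_lines": total, "probes": probes, "kinds": dict(kinds),
            "share": probes / total if total else 0.0, "per_client": dict(per_client)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

The share here is measured against error_log lines only; comparing against all requests would need the same tally run over the access log.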
    


