[Gllug] Apache Logs
t.clarke
tim at seacon.co.uk
Tue Jan 15 17:35:01 UTC 2002
---------------------------------------
Message from:-
Tim Clarke (tim at seacon.co.uk)
Seacon Holdings plc Group, London, U.K.
Telephone: +44 (0)1474 320000
Fax: +44 (0)1474 329946
---------------------------------------
Hi
Firstly, sorry, the 'TCP' message was sent in error - this was an old
throw-away message-file I sent in error !
The real message:-
----------------
I am hoping someone can throw some light on the following messages which
are appearing horribly regularly in our Apache error_log, from various IP
addresses (although the samples below are all within a few minutes and from
the same IP address shown).
I presume somebody is attempting to use some kind of 'backdoor' to get control
of the machine upon which our apache server runs (Linux, of course !!).
I also presume/hope that no damage is being done, other than filling up our
log-files !
Questions:
1) Is it realistic/possible to do a reverse look-up on the IP address and fire
off a suitable email to the ISP/organisation that 'owns' it ??
2) Since most of the non-existent files seem to be within winnt and scripts
sub-directories, can I get apache to do something like re-direct to
a suitable 'buggar-off' web page after a 60-second 'wait'?
3) If the requests can be pinned down to a limited range of IP addresses,
would it be realistic to simply DENY them within the filter rules ?
Any helpful comments appreciated.
Regards
Tim
----
[Tue Jan 15 15:47:30 2002] [error] [client 195.24.198.7]
File does not exist: /usr/local/apache/htdocs/
usr/local/apache/htdocs/scripts/root.exe
MSADC/root.exe
c/winnt/system32/cmd.exe
d/winnt/system32/cmd.exe
scripts/..%5c../winnt/system32/cmd.exe
_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
msadc/..%5c../..%5c../..%5c/..../..../..../winnt/system32/cmd.exe
scripts/..../winnt/system32/cmd.exe
scripts/..../winnt/system32/cmd.exe
scripts/..../winnt/system32/cmd.exe
scripts/..%5c../winnt/system32/cmd.exe
scripts/..%2f../winnt/system32/cmd.exe
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
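
Added example, not part of the original post: one way to approach question 3 is to count, per client IP, the "File does not exist" entries whose path targets Windows/IIS files, and list the clients that repeat them. The log lines, the documentation-range IP addresses, the function names and the threshold of 3 are constructed for illustration; the entry format and paths follow the sample in the message.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache error_log entry in the format shown in the message above.
ENTRY = re.compile(
    r"^\[(?P<when>[^\]]+)\] \[error\] \[client (?P<ip>[\d.]+)\] "
    r"File does not exist: (?P<path>.+)$"
)
# Windows/IIS targets that never exist under a Linux document root.
PROBE = re.compile(
    r"(?:^|/)(?:cmd|root)\.exe$|/winnt/|/_vti_bin/|/_mem_bin/|/msadc/", re.I
)

def is_probe(path):
    """True if a missing path looks like an IIS-targeted probe."""
    # Decode twice so %5c and double-encoded %255c both become a backslash.
    decoded = unquote(unquote(path)).replace("\\", "/")
    return bool(PROBE.search(decoded)) or "../" in decoded

def probes_by_client(lines):
    """Count probe-style missing-file errors per client IP."""
    hits = Counter()
    for line in lines:
        m = ENTRY.match(line.strip())
        if m and is_probe(m.group("path")):
            hits[m.group("ip")] += 1
    return hits

def deny_candidates(hits, threshold=3):
    """Client IPs with at least `threshold` probe entries, sorted."""
    return sorted(ip for ip, n in hits.items() if n >= threshold)

# Constructed sample entries (IPs are from the documentation ranges).
DOCROOT = "/usr/local/apache/htdocs"
SAMPLE = [
    f"[Tue Jan 15 15:47:30 2002] [error] [client 192.0.2.10] File does not exist: {DOCROOT}/scripts/root.exe",
    f"[Tue Jan 15 15:47:31 2002] [error] [client 192.0.2.10] File does not exist: {DOCROOT}/MSADC/root.exe",
    f"[Tue Jan 15 15:47:32 2002] [error] [client 192.0.2.10] File does not exist: {DOCROOT}/scripts/..%5c../winnt/system32/cmd.exe",
    f"[Tue Jan 15 15:50:02 2002] [error] [client 198.51.100.5] File does not exist: {DOCROOT}/favicon.ico",
    f"[Tue Jan 15 15:51:10 2002] [error] [client 198.51.100.5] File does not exist: {DOCROOT}/c/winnt/system32/cmd.exe",
]

if __name__ == "__main__":
    counts = probes_by_client(SAMPLE)
    for ip, n in counts.most_common():
        print(f"{ip}\t{n} probe entries")
    print("repeat sources:", deny_candidates(counts))
```

If the resulting list keeps changing from day to day, the sources are not confined to a small range and a per-address deny list will not keep up.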