httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alfredo Gómez Grande <>
Subject Re: [users@httpd] Log file seems wiered
Date Tue, 05 Aug 2003 12:42:36 GMT
That's due to RED CODE virus. You can surpress those lines writing this
under your customlog directive:

SetEnvIf Request_URI default.ida cadena
SetEnvIf Request_URI scripts cadena
SetEnvIf Request_URI system32 cadena
SetEnvIf Request_URI root.exe cadena
SetEnvIf Request_URI _bin cadena
SetEnvIf Request_URI options cadena
SetEnvIf Request_URI connect cadena
SetEnvIf Request_URI head cadena
SetEnvIf Request_URI search cadena
CustomLog logs/access.log combined env=!cadena

Maybe you'll have to put into " " words above like: connect, search, head,
options,.... to make it work. The theory is that they have to go into " "
but the declarations above worked for me.


----- Original Message ----- 
From: Robert Andersson
Sent: Tuesday, August 05, 2003 7:01 AM
Subject: Re: [users@httpd] Log file seems wiered

Issa Mbodji wrote:
> - - [04/Aug/2003:22:00:27 -0400] "OPTIONS
> / HTTP/1.1" 200 - "-"
> "Microsoft-WebDAV-MiniRedir/5.1.2600"

This is a WebDAV client, checking what you've got. No worry.

> - - [04/Aug/2003:21:07:48 -0400] "GET
> /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 - "-" "-"

Some Nimbda/CodeRed worm. No worry.

> Is there anything I can do to stop these things?

The OPTIONS could possibly be stopped by configuration, but I don't see any
point in doing so. The latter, Apache is already stopping, as is noted by
the 404 status.

> Please advise. I think I will put my site down until I
> figure out what;s happening.

No need to be dramatic, we all have those bloating our logs. Besides that,
they're harmless.

Robert Andersson

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message