httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alfredo Gómez Grande <ago...@agsoftware.net>
Subject Re: [users@httpd] Log file seems wiered
Date Tue, 05 Aug 2003 12:42:36 GMT
That's due to RED CODE virus. You can surpress those lines writing this
under your customlog directive:

SetEnvIf Request_URI default.ida cadena
SetEnvIf Request_URI scripts cadena
SetEnvIf Request_URI system32 cadena
SetEnvIf Request_URI root.exe cadena
SetEnvIf Request_URI _bin cadena
SetEnvIf Request_URI options cadena
SetEnvIf Request_URI connect cadena
SetEnvIf Request_URI head cadena
SetEnvIf Request_URI search cadena
CustomLog logs/access.log combined env=!cadena


Maybe you'll have to put into " " words above like: connect, search, head,
options,.... to make it work. The theory is that they have to go into " "
but the declarations above worked for me.

Cheers

----- Original Message ----- 
From: Robert Andersson
To: users@httpd.apache.org
Sent: Tuesday, August 05, 2003 7:01 AM
Subject: Re: [users@httpd] Log file seems wiered


Issa Mbodji wrote:
> 68.39.73.57 - - [04/Aug/2003:22:00:27 -0400] "OPTIONS
> / HTTP/1.1" 200 - "-"
> "Microsoft-WebDAV-MiniRedir/5.1.2600"

This is a WebDAV client, checking what you've got. No worry.

> 68.50.224.32 - - [04/Aug/2003:21:07:48 -0400] "GET
> /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 - "-" "-"

Some Nimbda/CodeRed worm. No worry.

> Is there anything I can do to stop these things?

The OPTIONS could possibly be stopped by configuration, but I don't see any
point in doing so. The latter, Apache is already stopping, as is noted by
the 404 status.

> Please advise. I think I will put my site down until I
> figure out what;s happening.

No need to be dramatic, we all have those bloating our logs. Besides that,
they're harmless.

Regards,
Robert Andersson


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Mime
View raw message