httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rafael Faura" <rfa...@bassy.net>
Subject RE: [users@httpd] some questions...
Date Mon, 26 Jan 2004 00:09:29 GMT

[...]

211.226.89.189 - - [25/Jan/2004:21:19:18 +0100] "GET 
/scripts/nsiislog.dll" 404 -

[...]


That's seems like an IIS (Microsoft Internet Information Services, the
Microsoft Webserver) scanner scanning for possible vulnerabilities/exploits
into your server. The '404' at the end of your line is one of the HTTP error
codes that means 'file not found' (the scanner can't find the requested
file).

You'll probably see, with the time, more lines into your log files, lines
like:

xxx.xxx.xxx.xxx - - [08/Jan/2004:18:04:02 +0100] "get
/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/wi
nnt/system32/cmd.exe?/c%20dir" 501

xxx.xxx.xxx.xxx - - [16/Jan/2004:00:05:03 +0100] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404

... and so on.


Near 100% of those scanners or 'exploits' attempts only works on IIS (thanks
to the **big security holes** that IIS 4, IIS 5 & IIS 6 had - or still have,
who knows). From my small and little experience Apache is free of them.



-----------------------------
Rafael Faura Cucalón
Web Developer
rfaura@bassy.net
 
Bassy Servicios Inform√°ticos
http://www.bassy.net


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message