This is a discussion on Messages in HTTPD log within the Linux Security forums, part of the System Security and Security Related category.
I'm running apache 2.0 on RH Linux behind a firewall. I have setup DNAT to enable port 80 requests to be forwarded to my httpd server in the internal n/w.

I found this line in my httpd access_log.

xx.xx.xx.xx - - [31/Aug/2003:01:28:45 -0400] "GET /scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.1" 404 1050 "-" "-"

and the following lines in error_log

[Sun Aug 31 01:28:44 2003] [error] [client xx.xx.xx.x] File does not exist: /var/www/html/scripts
[Sun Aug 31 01:28:45 2003] [error] [client xx.xx.xx.xx] File does not exist: /var/www/html/scripts

What was the person trying to accomplish? I guess he didn't find much success.
Can I do anything more to prevent such requests coming to my webserver?

TIA
Navin.
<snip>
> >
> > What was the person trying to accomplish? I guess he didn't find much
> > success.
> > Can I do anything more to prevent such requests coming to my webserver?
> >
> > TIA
> > Navin.
> >
>
> It is a user looking for a windows machine running IIS, and attempting to
> list the directory in hopes of hacking you. Not any consideration to a
> *nix machine, and *probably* will not work even if you are running Apache
> on Windows.

<snip>

Thanks for the pointers Mark. Seems like packet filtering alone would not be a good solution. Since I serve out only html pages and run no server-side stuff, I'm planning to set up a squid reverse proxy to filter out all unknown URLs.

Regards,
Navin.
Mica wrote:
> I'm running apache 2.0 on RH Linux behind a firewall. I have setup
> DNAT to enable port 80 requests to be forwarded to my httpd server in
> the internal n/w.
>
> I found this line in my httpd access_log.
>
> xx.xx.xx.xx - - [31/Aug/2003:01:28:45 -0400] "GET
> /scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.1" 404
> 1050 "-" "-"
>
> and the following lines in error_log
>
> [Sun Aug 31 01:28:44 2003] [error] [client xx.xx.xx.x] File does not
> exist: /var/www/html/scripts
>
> [Sun Aug 31 01:28:45 2003] [error] [client xx.xx.xx.xx] File does not
> exist: /var/www/html/scripts
>
>
> What was the person trying to accomplish? I guess he didn't find much
> success.
> Can I do anything more to prevent such requests coming to my webserver?
>
> TIA
> Navin.

This user is stupid! He wanted to use the Unicode Windows servers bug ;)

To know if the host is APACHE OR use Telnet

open www.site.org 80

and type

GET 1.0 / HTTP

the response is:

HTTP/1.1 400 Bad Request
Date: Wed, 24 Sep 2003 13:59:55 GMT
Server: Apache
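As an added example that is not part of the original thread: a small access-log triage script that percent-decodes each request path until it stops changing, which is what exposes the `%252e` sequences in the logged request as `..` path segments. The function names, the decode bound and the two benign log lines are assumptions made up for this illustration; the first sample line is the one quoted in the thread.

```python
import re
from urllib.parse import unquote

# Apache common/combined log format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)(?: \S+)?" (\d{3}) ')
MAX_ROUNDS = 5  # assumed bound on repeated decoding

def fully_decode(path):
    """Percent-decode until the string stops changing; return (decoded, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def classify(line):
    """Return a finding dict for a suspicious request line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    host, _method, target, status = m.groups()
    decoded, rounds = fully_decode(target.split("?", 1)[0])
    reasons = []
    if rounds > 1:  # %252e -> %2e -> "." takes two passes
        reasons.append("multiply-encoded path")
    if ".." in decoded.replace("\\", "/").split("/"):
        reasons.append("directory traversal")
    if re.search(r"(?i)cmd\.exe|/winnt/", decoded):
        reasons.append("Windows/IIS target")
    if not reasons:
        return None
    return {"host": host, "status": int(status), "decoded": decoded, "reasons": reasons}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

SAMPLE_LOG = [
    # The request quoted in the thread (address already masked there).
    r'xx.xx.xx.xx - - [31/Aug/2003:01:28:45 -0400] "GET /scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.1" 404 1050 "-" "-"',
    # Constructed benign requests for contrast.
    '192.0.2.7 - - [31/Aug/2003:01:30:02 -0400] "GET /index.html HTTP/1.1" 200 2326 "-" "-"',
    '192.0.2.7 - - [31/Aug/2003:01:30:05 -0400] "GET /my%20notes.html HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The 404 status in the finding matches what the thread reports: the path does not exist on this Apache host, so the request was logged and rejected.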