[svlug] httpd error log question

Wayne Earl wayne at qconcepts.net
Fri Jul 6 11:25:02 PDT 2001


It means that some Script Kiddie forgot to run nmap before he attempted to
penetrate your machine. (I've seen these in my apache logs at work as
well...idiots).

The log entry is evidence of a crack attempt. I would recommend doing an
ARIN lookup to find out who is responsible for the IP address the attempt
came from, and inform that person what their user is doing. Fat chance
that anyone will be held responsible for the attempt, but you might have
uncovered a compromised machine (a good admin would be very grateful for
this discovery).

Yes Toto, we're not in Kansas anymore...

On Fri, 6 Jul 2001, Gordon Vrdoljak wrote:

> Just noticed this while doing some cgi programming... Is someone trying to
> do nasty things to our little linux box?  I'm happy we aren't running NT
> for many reasons...
>
> [Thu Jul 5 21:29:55 2001] [error] [client 211.53.210.94] File does not
> exist: /home/httpd/html/scripts/..À¯../winnt/system32/cmd.exe
>
> \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
> Gordon Ante Vrdoljak                           	      Electron Microscope Lab
> ICQ 23243541   http://nature.berkeley.edu/~gvrdolja   26 Giannini Hall
> gvrdolja at nature.berkeley.edu                          UC Berkeley
> phone (510) 642-2085                                  Berkeley CA 94720-3330
> fax   (510) 643-6207 cell (510) 290-6793

-- 
Wayne Earl <wayne at qconcepts.net>
gpg key fingerprint: 3CE4 0558 635E DADB 327C 73AB 11CA 9A6B B209 E8C5
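
An added example, not part of the original message: a small Python triage script for Apache error-log lines like the one quoted above. The `À¯` in that path is how the bytes 0xC0 0xAF display as Latin-1, and 0xC0 0xAF is an overlong UTF-8 encoding of `/`. The function names and every sample line except the first are constructed for illustration; the first sample is the quoted log entry joined back onto one line.

```python
import re
from collections import defaultdict

# Apache 1.3-style error_log line: [date] [level] [client IP] message
LINE_RE = re.compile(
    r"^\[(?P<when>[^\]]+)\] \[(?P<level>\w+)\] \[client (?P<ip>[0-9.]+)\] (?P<msg>.*)$")

def overlong_ascii(text):
    """Return ASCII chars hidden as 2-byte overlong UTF-8 (lead byte 0xC0/0xC1)."""
    # Logs may show the raw bytes as Latin-1 characters or as %xx escapes.
    raw = re.sub(r"%([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)
    data = raw.encode("latin-1", errors="replace")
    found = []
    for lead, cont in zip(data, data[1:]):
        if lead in (0xC0, 0xC1) and 0x80 <= cont <= 0xBF:
            found.append(chr(((lead & 0x1F) << 6) | (cont & 0x3F)))
    return found

def classify(line):
    """Return (client_ip, reasons) for a suspicious line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    msg, reasons = m.group("msg"), []
    if any(c in "/\\." for c in overlong_ascii(msg)):
        reasons.append("overlong-utf8-separator")
    if re.search(r"winnt/system32|cmd\.exe", msg, re.I):
        reasons.append("windows-path-on-unix-docroot")
    return (m.group("ip"), reasons) if reasons else None

def probes_by_client(lines):
    """Group suspicious requests by client address for a later whois lookup."""
    hits = defaultdict(list)
    for line in lines:
        result = classify(line)
        if result:
            hits[result[0]].append(result[1])
    return dict(hits)

SAMPLE_LINES = [
    # From the quoted message, rejoined onto one line.
    "[Thu Jul 5 21:29:55 2001] [error] [client 211.53.210.94] File does not exist: "
    "/home/httpd/html/scripts/..\xc0\xaf../winnt/system32/cmd.exe",
    # Constructed: ordinary 404 and a %xx-escaped rendering of the same bytes.
    "[Thu Jul 5 21:31:02 2001] [error] [client 192.0.2.10] File does not exist: "
    "/home/httpd/html/favicon.ico",
    "[Thu Jul 5 21:40:17 2001] [error] [client 198.51.100.7] File does not exist: "
    "/home/httpd/html/scripts/..%c0%af../winnt/system32/cmd.exe",
]

if __name__ == "__main__":
    for ip, reasons in probes_by_client(SAMPLE_LINES).items():
        print(ip, reasons)
```

The addresses it returns are the ones to look up with whois, as suggested above.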