[CLUE-Tech] annoying attempts to compromise web server
Chris Schock
black at clapthreetimes.com
Wed Oct 13 08:20:38 MDT 2004
You've already dealt with it by running apache. :) Everyone gets these,
expect to see hundreds a month. Until infected IIS servers go away you'll
continue seeing them.
> Hello,
>
> A few days ago I opened up my cable/dsl router to
> allow a simple web page to be served by apache on one
> of my linux boxes. Over the last 2 days or so apache
> has been logging (in access_log) attempts from a
> particular IP trying to "run" things like:
>
> 67.165.178.202 - - [13/Oct/2004:07:49:58 -0600] "GET
> /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 972 "-" "-"
>
> every 30 to 40 minutes.
>
> Any suggestions on how to deal with this sort of
> thing?
>
> -Mike
>
>
>
> _______________________________
> Do you Yahoo!?
> Declare Yourself - Register online to vote today!
> http://vote.yahoo.com
> _______________________________________________
> CLUE-Tech mailing list
> Post messages to: CLUE-Tech at clue.denver.co.us
> Unsubscribe or manage your options:
> http://clue.denver.co.us/mailman/listinfo/clue-tech
>
More information about the clue-tech
mailing list