[CLUE-Tech] annoying attempts to compromise web server
Angelo Bertolli
angelo at freeshell.org
Wed Oct 13 08:27:37 MDT 2004
Looks like a compromised machine, so the person who is doing that is
probably innocent. I think I would probably just ignore it, but I guess
you could block them at the firewall.
If you just want to keep it from getting into the log file just use
something like this:
SetEnvIf Request_URI (.*)cmd\.exe nolog
CustomLog logs/access_log combined !env=nolog
Angelo
mike havlicek wrote:
>Hello,
>
>A few days ago I opened up my cable/dsl router to
>allow a simple web page to be served by apache on one
>of my linux boxes. Over the last 2 days or so apache
>has been logging (in access_log) attempts from a
>particular IP trying to "run" things like:
>
>67.165.178.202 - - [13/Oct/2004:07:49:58 -0600] "GET
>/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
>HTTP/1.0" 404 972 "-" "-"
>
>every 30 to 40 minutes.
>
>Any suggestions on how to deal with this sort of
>thing?
>
>-Mike
>
>
>
More information about the clue-tech
mailing list