Annoying windoze problems in my Apache server logs
Hello! I've got this really annoying problem in my Apache server logs, in both /var/log/apache/access_log and /var/log/apache/error_log.
I don't know if this is much of a security problem (although if I were running another OS it might be ;) ) but I am more wondering how to have these not even show up in my logs, or filter them into another log such as /dev/null or something. I've taken some excerpts from both log files so you can get a feel for what I am talking about:
From /var/log/apache/access_log:
Code:
4.65.236.42 - - [05/Feb/2003:16:54:20 -0800] "GET /scripts/..%c1%1c../winnt/syst
Code:
.65.194.47 - - [05/Feb/2003:16:24:44 -0800] "GET /scripts/..%25%35%63../winnt/s
Code:
[Sun Jan 19 06:57:38 2003] [error] [client 4.65.71.160] File does not exist: /va
Anyway, anyone got any ideas on how to rid my logs of the flaws of others ;)
Cool |
Yup. Nimda or CodeRed virus. I asked this question before and nobody had an answer on how to get these out of the log file. I wanted to get rid of those log entries for so long but now I kind of like them because they remind me why I don't use M$.
By the way: I wonder how many Linux servers were affected by the "SQL Slammer" worm. Oh yeah, that's right. None |
Thanks :) How about a reverse IP lookup then? So I can send an email or something to this IP to let them know how annoying it is, or rather that this is happening.
:) Cool |
In your logrotate script add something like:
prerotate
    grep -v -e "cmd.exe" /var/log/apache/access_log > /var/tmp/apache/access_log
    mv -f /var/tmp/apache/access_log /var/log/apache/access_log
endscript
IMO email notification is an applaudable thing but in these cases usually won't do more than ease your mind you've done "everything". Find their upstream ISP's (Verizon) abuse address and mail them. |
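An alternative to deleting the matching lines, as an added example that is not part of any post in this thread: split the access log into clean lines and probe lines, decoding the request path first so that double-encoded forms such as `%25%35%63` are recognised. The function names, the `root.exe` and `default.ida` tokens, and the sample log lines are assumptions introduced for this sketch.

```python
import re
from urllib.parse import unquote

# "cmd.exe" is the string the thread greps for; "root.exe" and "default.ida"
# are assumptions added here (Nimda / Code Red request names), not from the thread.
PROBE_TOKENS = ("cmd.exe", "root.exe", "default.ida")
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+)')

# Constructed sample lines (documentation IP range), not taken from the thread.
SAMPLE = [
    '192.0.2.10 - - [05/Feb/2003:16:20:01 -0800] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [05/Feb/2003:16:24:44 -0800] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    '192.0.2.78 - - [05/Feb/2003:16:54:20 -0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    '192.0.2.11 - - [05/Feb/2003:17:02:13 -0800] "GET /docs/faq.html?rate=50%25 HTTP/1.0" 200 5120',
]

def fully_decode(path, max_rounds=5):
    """Percent-decode until stable: %25%35%63 -> %5c -> backslash."""
    for _ in range(max_rounds):
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:
            break
        path = decoded
    return path

def is_worm_probe(line):
    """True if the request path, once decoded, traverses directories
    or names one of the probe tokens."""
    match = REQUEST_RE.search(line)
    if not match:
        return False
    path = fully_decode(match.group(1)).lower()
    traversal = "../" in path or "..\\" in path
    return traversal or any(token in path for token in PROBE_TOKENS)

def split_log(lines):
    """Return (clean, probes) so probe lines can go to their own file."""
    clean, probes = [], []
    for line in lines:
        (probes if is_worm_probe(line) else clean).append(line)
    return clean, probes

if __name__ == "__main__":
    clean, probes = split_log(SAMPLE)
    print(f"{len(clean)} clean, {len(probes)} probe lines")
```

Writing the probe lines to a separate file keeps the source addresses available for an abuse report while leaving the main log readable.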
Re: Annoying windoze problems in my Apache server logs
Quote:
Code:
# Request_URI holds the path without the query string, so match the bare file name
SetEnvIf Request_URI "cmd\.exe" dontlog
Jamie... |
Re: Re: Annoying windoze problems in my Apache server logs
Quote:
Code:
#Test to stop windoze bothersome virus logs (thread is located at:http://www.lin
Code:
#Test to stop windoze bothersome virus logs (thread is located at:http://www.lin
Code:
#Test to stop windoze bothersome virus logs (thread is located at:http://www.lin
Cool |