Apache access logs
 

Fedora C2
Apache
Linksys router connected to cable modem

I just recently setup my webserver, and allowed access to it thru the web. I was poking around in the logs, and I some messages like this:

"GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 297 "-" "-"

Is this someone trying to get to my XP machine thru the webserver on my Linux box?

Thanks

lawadm1

Check these threads

Here
http://www.linuxquestions.org/questi...TTPF1.0+400+97

Here
http://www.linuxquestions.org/questi...TTPF1.0+400+97

And here
http://www.linuxquestions.org/questi...TTPF1.0+400+97

Pete

Pete, those links are busted.......

lawadm1...Get used to seeing those. It isn't someone trying to get to your XP machine, but rather Code Red or one of the other IIS worms looking for idiots with unpatched microsoft webservers to infect. My logs are absolutely stiff with garbage like this. Odds are the person who owns the machine doesn't even know they are infected. Since it is looking for microsoft stuff, as long as you are running Apache, you are not vulnerable. Of course if you are running a publicly accessible web server, you should have your security in place and running.

Hangdog42

Links work fine for me in Firefox and IE ?

Pete

Hm. Might be a win2K thing? Or maybe my computer is just being funky since both Firefox and IE fail for me.