I just started using apache a little while ago. I'm reading though the access log and I have questions about a few entries.

1)What's all this about? It looks to me like someone thinks I am running an NT server and they are trying to crack in. Is this correct? What should I do about it?

2) (snip) I've got no idea what this is. It appears all the time and the part I snipped out is REALLY long. Any ideas what that is and what I do about it?

Thanks in advance for any help,

Damn, found the answer for #2. Looks like it's some hack for the Microsoft IIS or DAV server. Guess it's just annoying, that's all. Any ideas on #1?

Any ideas on #1?
Probably Nimda worm (targets IIS).

Thanks unSpawn. I've been looking into this like mad. I think your right. Looks like it isn't any big deal to me, but it sure is annoying.

Thanks again.

I've seen alot of these entries in my logs as well, I was just wondering if there is a simple way to block these requests.

mod_rewrite??? or something of the sort.

I also have seen that second one in my logs. I assumed just by the looks of it that it was some sort or hack, but at least now I know that I don't have to worry about it.

It is of course annoying though. I hope catalyst4000 gets an answer on how to block this, I would like to configure my server to ignore this type of thing.

might not be a bad idea to tracert or whois the IP and send the domain an e-mail informing them that their crappy M$ IIS server is infected and attempted to infect your web server.

be a bit more polite then that, but you get the point. also copy/paste the log entry for them so they can see the details and can verify it at their end. well let me clerify that. they will at least have the information to verify it, but as they are infected by a virus that has had a fix out for well over a year they are probably to dumb to konw what to do about it. but at least they have been notified.

you could also just add their IP to your -J DROP in your iptables rules if you really want to be cruel about it.

Well, I suppose it's time to write a script, I'd hate to have to look through my logs every day to block systems run by poor users/admins.

tis one reason why i say M$ OS makes you dumb.

oh well. glad im learning linux and loving the power of it more and more. just wish it supported my games that i play nativly.

I'm having this problem too. Going to use config below. I assume this would prevent the logs from being trashed like that?

Taken from http://forums.macosxhints.com/showthread.php?t=22371

<IfModule mod_rewrite.c>
RedirectMatch permanent (.*)cmd.exe(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)root.exe(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/_vti_bin\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/msadc\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/MSADC\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/x90\/(.*)$ http://www.microsoft.com
</IfModule>

Andy