I'm running Apache just so I can have a simple little website hosted from my computer for my family and friends. Tonight I came home to the following in my logs:
[Fri Jul 30 22:45:51 2004] [error] [client 66.229.158.211] File does not exist: /var/www/htdocs/scripts/root.exe
[Fri Jul 30 22:45:51 2004] [error] [client 66.229.158.211] File does not exist: /var/www/htdocs/MSADC/root.exe
[Fri Jul 30 22:45:51 2004] [error] [client 66.229.158.211] File does not exist: /var/www/htdocs/c/winnt/system32/cmd.exe
[Fri Jul 30 22:45:51 2004] [error] [client 66.229.158.211] File does not exist: /var/www/htdocs/d/winnt/system32/cmd.exe
[Fri Jul 30 22:45:51 2004] [error] [client 66.229.158.211] File does not exist: /var/www/htdocs/scripts/..%5c../winnt/system32/cmd.exe
[Fri Jul 30 22:45:51 2004] [error] [client 66.229.158.211] File does not exist: /var/www/htdocs/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Fri Jul 30 22:45:51 2004] [error] [client 66.229.158.211] File does not exist: /var/www/htdocs/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Fri Jul 30 22:45:51 2004] [error] [client 66.229.158.211] File does not exist: /var/www/htdocs/msadc/..%5c../..%5c../..%5c/..\xc1\x1c../..\xc1\x1c../..\xc1\x1c../winnt/system32/cmd.exe
[Fri Jul 30 22:45:52 2004] [error] [client 66.229.158.211] File does not exist: /var/www/htdocs/scripts/..\xc1\x1c../winnt/system32/cmd.exe
[Fri Jul 30 22:45:52 2004] [error] [client 66.229.158.211] File does not exist: /var/www/htdocs/scripts/..\xc0\xaf../winnt/system32/cmd.exe
[Fri Jul 30 22:45:52 2004] [error] [client 66.229.158.211] File does not exist: /var/www/htdocs/scripts/..\xc1\x9c../winnt/system32/cmd.exe
[Fri Jul 30 22:45:52 2004] [error] [client 66.229.158.211] File does not exist: /var/www/htdocs/scripts/..%5c../winnt/system32/cmd.exe
[Fri Jul 30 22:45:52 2004] [error] [client 66.229.158.211] File does not exist: /var/www/htdocs/scripts/..%2f../winnt/system32/cmd.exe
[Fri Jul 30 23:36:44 2004] [error] [client 66.65.69.175] File does not exist: /var/www/htdocs/scripts/root.exe
[Fri Jul 30 23:36:46 2004] [error] [client 66.65.69.175] File does not exist: /var/www/htdocs/MSADC/root.exe
[Fri Jul 30 23:36:48 2004] [error] [client 66.65.69.175] File does not exist: /var/www/htdocs/c/winnt/system32/cmd.exe
[Fri Jul 30 23:36:52 2004] [error] [client 66.65.69.175] File does not exist: /var/www/htdocs/d/winnt/system32/cmd.exe
[Fri Jul 30 23:36:54 2004] [error] [client 66.65.69.175] File does not exist: /var/www/htdocs/scripts/..%5c../winnt/system32/cmd.exe
[Fri Jul 30 23:36:56 2004] [error] [client 66.65.69.175] File does not exist: /var/www/htdocs/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Fri Jul 30 23:36:58 2004] [error] [client 66.65.69.175] File does not exist: /var/www/htdocs/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Fri Jul 30 23:37:00 2004] [error] [client 66.65.69.175] File does not exist: /var/www/htdocs/msadc/..%5c../..%5c../..%5c/..\xc1\x1c../..\xc1\x1c../..\xc1\x1c../winnt/system32/cmd.exe
[Fri Jul 30 23:37:02 2004] [error] [client 66.65.69.175] File does not exist: /var/www/htdocs/scripts/..\xc1\x1c../winnt/system32/cmd.exe
[Fri Jul 30 23:37:06 2004] [error] [client 66.65.69.175] File does not exist: /var/www/htdocs/scripts/..\xc0\xaf../winnt/system32/cmd.exe
[Fri Jul 30 23:37:08 2004] [error] [client 66.65.69.175] File does not exist: /var/www/htdocs/scripts/..\xc1\x9c../winnt/system32/cmd.exe
[Fri Jul 30 23:37:13 2004] [error] [client 66.65.69.175] File does not exist: /var/www/htdocs/scripts/..%5c../winnt/system32/cmd.exe
[Fri Jul 30 23:37:15 2004] [error] [client 66.65.69.175] File does not exist: /var/www/htdocs/scripts/..%2f../winnt/system32/cmd.exe
It would appear to be some Windows virus maybe, so hopefully it's nothing to worry about, but I wanted to get some insight from people more knowledgeable than myself. Also, one thing that concerned me is that there were 16 requests made by each IP but only 13 error messages generated by me.
You could try searching at Google for more info on the subject; these logs are generated by Win32 viruses scanning for other vulnerable machines - nothing to worry about.
Looks like the Nimda worm, it's designed to exploit IIS, but since you're running Apache, you should be okay...well, except for bandwidth, depending on how often you're getting hit.
From the first google.com search on the suggestion here. Great idea, I'm going to muddle with this over the weekend to see what I can do to drop those annoying M$ viruses from hitting my servers.
It's a lost cause to try and drop these things. My snort log is filled with them and if you ban one IP who is infected three more pop up later. The only comfort we have is knowing that this virus just doesn't work on Linux servers.
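A triage sketch for the error-log entries quoted in this thread, added here as an example and not part of any post: it groups "File does not exist" entries by client and by the kind of IIS-targeted path that was requested, so worm noise can be separated from ordinary 404s. The signature names and the sample line from 192.0.2.10 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: four lines copied from the log in the original post,
# plus one made-up benign 404 from a documentation address (192.0.2.10).
SAMPLE_LOG = r"""
[Fri Jul 30 22:45:51 2004] [error] [client 66.229.158.211] File does not exist: /var/www/htdocs/scripts/root.exe
[Fri Jul 30 22:45:51 2004] [error] [client 66.229.158.211] File does not exist: /var/www/htdocs/c/winnt/system32/cmd.exe
[Fri Jul 30 22:45:51 2004] [error] [client 66.229.158.211] File does not exist: /var/www/htdocs/scripts/..%5c../winnt/system32/cmd.exe
[Fri Jul 30 23:37:06 2004] [error] [client 66.65.69.175] File does not exist: /var/www/htdocs/scripts/..\xc0\xaf../winnt/system32/cmd.exe
[Fri Jul 30 23:40:00 2004] [error] [client 192.0.2.10] File does not exist: /var/www/htdocs/favicon.ico
"""

# Error-log line format as it appears in the thread.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"File does not exist: (?P<path>.+)$"
)

# Hypothetical signature names, checked in order: the traversal test comes
# first because those paths also end in cmd.exe.
SIGNATURES = [
    ("encoded-traversal",
     re.compile(r"\.\.(%5c|%2f|\\x[0-9a-f]{2}\\x[0-9a-f]{2})", re.I)),
    ("cmd.exe", re.compile(r"/winnt/system32/cmd\.exe$", re.I)),
    ("root.exe", re.compile(r"/(scripts|msadc)/root\.exe$", re.I)),
]

def classify(path):
    """Return the first matching signature name, or None for ordinary 404s."""
    for name, rx in SIGNATURES:
        if rx.search(path):
            return name
    return None

def summarize(log_text):
    """Return {client_ip: {signature: count}} for lines matching a signature."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line or a different kind of error entry
        sig = classify(m.group("path"))
        if sig:
            hits[m.group("ip")][sig] += 1
    return {ip: dict(counts) for ip, counts in hits.items()}

if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE_LOG).items():
        print(ip, counts)
```

Only "File does not exist" entries are counted, so requests the server rejected with a different error message do not appear in the totals.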