-
Oct 2nd, 2001, 01:58 AM
#1
Thread Starter
Member
Apache Server
Hey all, I got an Apache Server up and running and it seems to work fine. The odd thing is the error log states over and over and over that cmd.exe does not exist, with the occasional root.exe does not exist. It also gives the IP of what is trying to access it. I traced one IP and it led to S. America, another led to Texas. Anyone know what these 2 things are for and why they are trying to be accessed? Anyone else run into this? BTW I'm running Apache on a 2K machine....
Thanks
-
Oct 2nd, 2001, 08:53 AM
#2
Frenzied Member
Which port are these requests coming in on? These may be attempts by worms such as Code Red or Nimda to access IIS vulnerabilities.
Travis, Kung Foo Journeyman
As always, RTFM.
WWW Standards: HTML 4.01, CSS Level 2, ECMA 262 Bindings to DOM Level 1, JavaScript 1.3 Guide and Reference
Perl: Learn Perl, Llama, Camel, Cookbook, Perl Monks, Perl Mongers, O'Reilly's Perl.com, ActiveState, CPAN, TPJ, and use Perl;
YBMS, but Mozilla doesn't.
-
Oct 2nd, 2001, 09:30 AM
#3
Thread Starter
Member
Not sure what port, but here is the exact log message (last 4 entries):
[Tue Oct 02 09:30:15 2001] [error] [client 216.240.143.231] File does not exist: c:/program files/apache group/apache/htdocs/wwwroot/scripts/..À¯/winnt/system32/cmd.exe
[Tue Oct 02 09:30:16 2001] [error] [client 216.240.143.231] File does not exist: c:/program files/apache group/apache/htdocs/wwwroot/scripts/..Áœ/winnt/system32/cmd.exe
[Tue Oct 02 09:30:18 2001] [error] [client 216.240.143.231] File does not exist: c:/program files/apache group/apache/htdocs/wwwroot/scripts/..%5c/winnt/system32/cmd.exe
[Tue Oct 02 09:30:18 2001] [error] [client 216.240.143.231] File does not exist: c:/program files/apache group/apache/htdocs/wwwroot/scripts/..%2f/winnt/system32/cmd.exe
-
Oct 2nd, 2001, 10:35 AM
#4
Whoever it was was trying to get into the command line and make changes on the server or to download stuff. Are you on NT or 98? I would change the port # and get a firewall, or make an .htaccess to lock that directory to certain people.
-
Oct 2nd, 2001, 10:39 AM
#5
Thread Starter
Member
I'm running 2K. I think it's Code Red trying to get in. There are 3 different sets of IP numbers, so I'm pretty sure 3 different infected servers are trying to attack me lol. Lucky me!
-
Oct 2nd, 2001, 08:12 PM
#6
Yeah, but Code Red attacks IIS servers if I'm not mistaken, not Apache.
-
Oct 2nd, 2001, 08:18 PM
#7
Member
It attacks any web server; the attack is only successful on IIS. So these could be Code Red/Nimda.
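An added example (not part of the original thread): a small Python filter over Apache error log lines of the form posted in #3, counting per client the "File does not exist" misses that target cmd.exe/root.exe or contain an encoded ".." traversal. The first three sample lines are copied from the thread; the last two, their 192.0.2.x addresses, and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Error log line shape from post #3: [timestamp] [error] [client IP] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"File does not exist: (?P<path>.+)$"
)
# Executables the thread reports being requested.
TARGET_RE = re.compile(r"/(cmd|root)\.exe$", re.IGNORECASE)
# ".." followed by a slash, a backslash, a %-encoded one, or a non-ASCII
# character (how the odd bytes in the first two posted lines are rendered).
TRAVERSAL_RE = re.compile(r"\.\.(?:[/\\]|%2f|%5c|[^\x00-\x7f])", re.IGNORECASE)

def classify(line):
    """Return (ip, reasons) for a 'File does not exist' line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, reasons = m.group("path"), []
    if TARGET_RE.search(path):
        reasons.append("target-exe")
    if TRAVERSAL_RE.search(path):
        reasons.append("traversal")
    return m.group("ip"), reasons

def summarize(lines):
    """Count suspicious misses per client IP; benign 404s are ignored."""
    hits = defaultdict(int)
    for line in lines:
        result = classify(line)
        if result and result[1]:
            hits[result[0]] += 1
    return dict(hits)

DOCROOT = "c:/program files/apache group/apache/htdocs"
SAMPLE = [
    # Copied from the thread:
    f"[Tue Oct 02 09:30:15 2001] [error] [client 216.240.143.231] File does not exist: {DOCROOT}/wwwroot/scripts/..À¯/winnt/system32/cmd.exe",
    f"[Tue Oct 02 09:30:18 2001] [error] [client 216.240.143.231] File does not exist: {DOCROOT}/wwwroot/scripts/..%5c/winnt/system32/cmd.exe",
    f"[Tue Oct 02 09:30:18 2001] [error] [client 216.240.143.231] File does not exist: {DOCROOT}/wwwroot/scripts/..%2f/winnt/system32/cmd.exe",
    # Constructed for this example:
    f"[Tue Oct 02 09:31:02 2001] [error] [client 192.0.2.77] File does not exist: {DOCROOT}/scripts/root.exe",
    f"[Tue Oct 02 09:32:40 2001] [error] [client 192.0.2.10] File does not exist: {DOCROOT}/favicon.ico",
]

if __name__ == "__main__":
    for ip, count in sorted(summarize(SAMPLE).items()):
        print(ip, count)
```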