From owner-freebsd-questions Thu Sep 27 8:28:30 2001
Message-ID: <20010927152824.55499.qmail@web12501.mail.yahoo.com>
Date: Thu, 27 Sep 2001 08:28:24 -0700 (PDT)
From: Christopher Strzelczyk
Reply-To: cstrzelc@yahoo.com
Subject: Apache server log
To: freebsd-questions@freebsd.org

Hello,

I was wondering if the following Apache log data is a result of the Nimda virus or if it's a real hack attempt.

[Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/msadc/..%5c../..%5c../..%5c/..Á^\../..Á^\../..Á^\../winnt/system32/cmd.exe
[Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..Á^\../winnt/system32/cmd.exe
[Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..À¯../winnt/system32/cmd.exe
[Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..ÁM-^\../winnt/system32/cmd.exe
[Thu Sep 27 01:24:30 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..%5c../winnt/system32/cmd.exe
[Thu Sep 27 01:24:30 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..%2f../winnt/system32/cmd.exe

The script thinks it's a Windows box. I think this is the latest virus but I'm not sure.
Also, are there any programs I can run to block logging of these messages to the error_log? The logs are getting quite large.

Thank You
-Chris

=====
Chris Strzelczyk
cstrzelc@yahoo.com
chris4136@email.com
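
One way to triage entries like those quoted in the message, added here as an example and not part of the original post: the Python below separates "File does not exist" entries whose path climbs with ".." to winnt/system32/cmd.exe from the rest of an error_log and counts them per client, so the noise can be trimmed from a copy of the log without losing who sent it. The function names, the matching heuristic and the sample lines (documentation address range 192.0.2.x, made-up document root) are assumptions.

```python
import re
from collections import Counter

# error_log entry in the shape quoted in the message above.
ENTRY = re.compile(
    r'^\[(?P<when>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] '
    r'File does not exist: (?P<path>.+)$'
)
# Heuristic (assumption): a missing-file path that contains ".." and ends in
# the Windows command interpreter is a probe meant for a Windows web server.
WINDOWS_TARGET = re.compile(r'/winnt/system32/cmd\.exe$', re.IGNORECASE)

# Constructed sample lines, not taken from a real server.
SAMPLE = [
    "[Thu Sep 27 01:24:30 2001] [error] [client 192.0.2.10] File does not exist: "
    "/usr/local/www/data/scripts/..%5c../winnt/system32/cmd.exe",
    "[Thu Sep 27 01:24:30 2001] [error] [client 192.0.2.10] File does not exist: "
    "/usr/local/www/data/scripts/..%2f../winnt/system32/cmd.exe",
    "[Thu Sep 27 01:25:02 2001] [error] [client 192.0.2.77] File does not exist: "
    "/usr/local/www/data/favicon.ico",
    "[Thu Sep 27 01:26:11 2001] [notice] caught SIGTERM, shutting down",
]

def probe_client(line):
    """Return the client address if the line is a cmd.exe traversal probe, else None."""
    m = ENTRY.match(line)
    if m is None:
        return None  # not a "File does not exist" error entry
    path = m.group('path')
    if '..' in path and WINDOWS_TARGET.search(path):
        return m.group('client')
    return None

def split_log(lines):
    """Split lines into (entries to keep, Counter of probe entries per client)."""
    kept, probes = [], Counter()
    for line in lines:
        client = probe_client(line.rstrip('\n'))
        if client is None:
            kept.append(line)
        else:
            probes[client] += 1
    return kept, probes

if __name__ == "__main__":
    kept, probes = split_log(SAMPLE)
    for client, count in probes.most_common():
        print(f"{client}: {count} cmd.exe probe entries dropped")
    print(f"{len(kept)} other entries kept")
```
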