Date:      Thu, 27 Sep 2001 11:30:47 -0400
From:      "Marius Kirschner" <marius@agoron.com>
To:        <cstrzelc@yahoo.com>, <freebsd-questions@FreeBSD.ORG>
Subject:   RE: Apache server log
Message-ID:  <005801c14769$73498220$49e9b5ce@quasi>
In-Reply-To: <20010927152824.55499.qmail@web12501.mail.yahoo.com>

Yep, that's Nimda, alright.  Nothing you have to worry about if you run
a unix system.

---Marius

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Christopher Strzelczyk
> Sent: Thursday, September 27, 2001 11:28 AM
> To: freebsd-questions@FreeBSD.ORG
> Subject: Apache server log
>
> Hello,
>
>      I was wondering if the following Apache log data
> is a result of the Nimda virus or if it's a real hack
> attempt.
>
> [Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/msadc/..%5c../..%5c../..%5c/..=C1^\../..=C1^\../..=C1^\../winnt/system32/cmd.exe
> [Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..=C1^\../winnt/system32/cmd.exe
> [Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..=C0=AF../winnt/system32/cmd.exe
> [Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..=C1M-^\../winnt/system32/cmd.exe
> [Thu Sep 27 01:24:30 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..%5c../winnt/system32/cmd.exe
> [Thu Sep 27 01:24:30 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..%2f../winnt/system32/cmd.exe
>
> The script thinks it's a windows box.  I think this is
> the latest virus but I'm not sure.  Also are there any
> programs I can run to block logging of these messages
> to the error_log.  The logs are getting quite large.
>
> Thank You
> -Chris
>
> =====
> Chris Strzelczyk
> cstrzelc@yahoo.com
> chris4136@email.com
>
> __________________________________________________
> Do You Yahoo!?
> Listen to your Yahoo! Mail messages from any phone.
> http://phone.yahoo.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
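
One way to separate entries like the quoted ones from the rest of an error_log and count them per client, added here as an example and not part of the original thread. The function names are hypothetical, the sample entries are constructed after the quoted lines with documentation-range addresses, and the raw-byte forms assume that the `=C1`/`=C0` sequences in the quoted log stand for undecoded bytes.

```python
import re
from collections import Counter

# Apache error_log entry in the format shown in the quoted message.
ENTRY = re.compile(r"^\[[^\]]+\] \[error\] \[client (?P<client>[^\]]+)\] "
                   r"File does not exist: (?P<path>.+)$")
# Windows-only target requested in every quoted entry.
TARGET = re.compile(r"/winnt/system32/cmd\.exe$", re.IGNORECASE)
# Traversal forms from the quoted entries: "..%5c..", "..%2f..", or ".."
# followed by raw non-printable bytes (assumed meaning of =C1/=C0 above).
TRAVERSAL = re.compile(r"\.\.(?:%5c|%2f|[^\x20-\x7e]{1,3})/?\.\.", re.IGNORECASE)

def classify(line):
    """Return the client address if the entry is a cmd.exe traversal probe."""
    m = ENTRY.match(line.rstrip("\n"))
    if m and TARGET.search(m["path"]) and TRAVERSAL.search(m["path"]):
        return m["client"]
    return None

def split_log(lines):
    """Count probe entries per client and return the entries worth keeping."""
    probes, kept = Counter(), []
    for line in lines:
        client = classify(line)
        if client is None:
            kept.append(line)
        else:
            probes[client] += 1
    return probes, kept

def _entry(client, path):
    # Constructed sample entry modelled on the quoted log lines.
    return ("[Thu Sep 27 01:24:29 2001] [error] [client %s] File does not "
            "exist: /usr/HTTPServer/htdocs/en_US%s" % (client, path))

SAMPLE = [  # constructed data; 192.0.2.0/24 is a documentation range
    _entry("192.0.2.10", "/msadc/..%5c../..%5c../winnt/system32/cmd.exe"),
    _entry("192.0.2.10", "/scripts/..\xc1\x1c../winnt/system32/cmd.exe"),
    _entry("192.0.2.10", "/scripts/..\xc0\xaf../winnt/system32/cmd.exe"),
    _entry("192.0.2.11", "/scripts/..%2f../winnt/system32/cmd.exe"),
    _entry("192.0.2.20", "/favicon.ico"),
    "[Thu Sep 27 01:25:02 2001] [notice] caught SIGTERM, shutting down",
]

if __name__ == "__main__":
    probes, kept = split_log(SAMPLE)
    for client, count in probes.most_common():
        print("%s: %d probe entries" % (client, count))
    print("%d other entries kept" % len(kept))
```

When reading a real log file, open it with `encoding="latin-1"` so the undecoded bytes in the request paths survive as single characters.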



