Date:      Thu, 27 Sep 2001 11:30:47 -0400
From:      "Marius Kirschner" <marius@agoron.com>
To:        <cstrzelc@yahoo.com>, <freebsd-questions@FreeBSD.ORG>
Subject:   RE: Apache server log
Message-ID:  <005801c14769$73498220$49e9b5ce@quasi>
In-Reply-To: <20010927152824.55499.qmail@web12501.mail.yahoo.com>


Yep, that's Nimda, alright.  Nothing you have to worry about if you run
a unix system.

---Marius

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Christopher Strzelczyk
> Sent: Thursday, September 27, 2001 11:28 AM
> To: freebsd-questions@FreeBSD.ORG
> Subject: Apache server log
> 
> Hello,
> 
>      I was wondering if the following Apache log data
> is a result of the Nimda virus or if it's a real hack
> attempt.
> 
> [Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/msadc/..%5c../..%5c../..%5c/..Á^\../..Á^\../..Á^\../winnt/system32/cmd.exe
> [Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..Á^\../winnt/system32/cmd.exe
> [Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..À¯../winnt/system32/cmd.exe
> [Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..ÁM-^\../winnt/system32/cmd.exe
> [Thu Sep 27 01:24:30 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..%5c../winnt/system32/cmd.exe
> [Thu Sep 27 01:24:30 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..%2f../winnt/system32/cmd.exe
> 
> The script thinks it's a Windows box.  I think this is
> the latest virus but I'm not sure.  Also, are there any
> programs I can run to block logging of these messages
> to the error_log?  The logs are getting quite large.
> 
> Thank You
> -Chris
> 
> =====
> Chris Strzelczyk
> cstrzelc@yahoo.com
> chris4136@email.com
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
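
An added example, not part of the original thread: one way to separate the probe entries quoted above from the rest of an error_log, so they can be counted per client and left out of what gets reviewed or archived. The function names, the matching rule (a `..` traversal ending in `/winnt/system32/cmd.exe`, generalized from the six quoted lines) and the sample entries are assumptions made for this example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache error_log "File does not exist" entry, in the format quoted above.
ENTRY = re.compile(r"^\[[^\]]+\] \[error\] \[client (?P<client>[\d.]+)\] "
                   r"File does not exist: (?P<path>.*)$")
# Windows-only target requested by every probe in the quoted log.
IIS_TARGET = re.compile(r"/winnt/system32/cmd\.exe$", re.IGNORECASE)
# "..", then up to 5 characters standing in for a path separator (/, \, or the
# raw bytes of a non-ASCII encoding as the log shows them), then "..".
TRAVERSAL = re.compile(r"\.\.[^.]{1,5}\.\.")


def is_iis_probe(path):
    """True when a missing-file path is a traversal probe for cmd.exe."""
    decoded = unquote(path, encoding="latin-1")  # %5c -> \, %2f -> /
    return bool(IIS_TARGET.search(decoded) and TRAVERSAL.search(decoded))


def split_log(lines):
    """Return (probe count per client, lines that are not probe noise)."""
    probes, keep = Counter(), []
    for line in lines:
        m = ENTRY.match(line.rstrip("\n"))
        if m and is_iis_probe(m.group("path")):
            probes[m.group("client")] += 1
        else:
            keep.append(line)
    return probes, keep


# Constructed sample entries modelled on the quoted log (192.0.2.x is a
# documentation address range, not the client from the message).
DOCROOT = "/usr/HTTPServer/htdocs/en_US"
PREFIX = "[Thu Sep 27 01:24:30 2001] [error] [client %s] File does not exist: "
SAMPLE = [
    PREFIX % "192.0.2.10" + DOCROOT + "/scripts/..%5c../winnt/system32/cmd.exe",
    PREFIX % "192.0.2.10" + DOCROOT + "/scripts/..%2f../winnt/system32/cmd.exe",
    PREFIX % "192.0.2.10" + DOCROOT + "/scripts/..\u00c0\u00af../winnt/system32/cmd.exe",
    PREFIX % "192.0.2.77" + DOCROOT + "/favicon.ico",
    "[Thu Sep 27 01:26:10 2001] [notice] caught SIGTERM, shutting down",
]

if __name__ == "__main__":
    probes, keep = split_log(SAMPLE)
    print(dict(probes))
    print("\n".join(keep))
```

Ordinary 404s and non-error entries pass through untouched, so the kept lines remain a usable log.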

