You should double-check some CGI scripts
you have on your machine to prevent more
attacks coming from that person. If his
IP is static, try to block it at the firewall!
But be careful when blocking others' IPs.

Some Apache logs have some IIS-infected machines
that probe for other IIS servers too.

To sum it up, re-check every CGI script you
have, and update your Apache to the latest
version, etc.




=====
Thanks,
Louie Miranda...

WebUrl: http://axis0.endofinternet.org
Email: [EMAIL PROTECTED] - [EMAIL PROTECTED]

----- Original Message -----
From: "Ward William E DLDN" <[EMAIL PROTECTED]>
To: "Redhat-List (E-mail)" <[EMAIL PROTECTED]>
Sent: Wednesday, August 21, 2002 5:17 AM
Subject: OT- Interpreting Apache logs


> Ok, I don't often NOT understand what I'm seeing in my Apache logs, but
> this is one of those times: (IPs removed to protect the innocent).
>
> <SOME IP> - - [20/Aug/2002:02:32:01 -0400] "GET /_blnk.gif HTTP/1.1" 200 56
> "<MY SITE>" "Mozilla/4.0 (compatible; MSIE 6.0; Windows
> NT)::ELNSB50::000041100400030002a00206000000000506000900000000"
>
> What the heck is all of that at the end?  Is that a Pentium III ID string
> or something?
>
> Also, am I correct in assuming that this (and the address isn't changed
> because I think he's NOT innocent)
>
> adsl212-115.advancedsl.com.ar - - [15/Aug/2002:19:54:58 -0400] "GET
> http://cpcug.org/scripts/env.cgi HTTP/1.0" 404 275 "-" "Mozilla/3.0
> (compatible)"
>
> was an attempt to use my proxy to redirect an attack at CPCUG.org?  If so,
> since this is in the ACCESS log and this
>
> [Thu Aug 15 19:54:58 2002] [error] [client 200.51.212.115] File does not
> exist: /var/www/html/scripts/env.cgi
>
> was in my error log, am I safe in assuming he did NOT succeed?  Or should
> I look more closely at this?
>
> Bill Ward
>
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
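
An added example, not part of either poster's message: a small scanner that picks proxy-style requests (an absolute URL or CONNECT naming a foreign host, like the cpcug.org entry quoted above) out of an Apache access log and separates the ones the server refused from the ones that need a closer look. `LOCAL_HOSTS`, the 192.0.2.x addresses and the example.net/example.org names are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Apache "combined" format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) \S+'
)
LOCAL_HOSTS = {"www.example.org"}  # assumption: names this server really serves

# Sample input: the first entry is the one quoted in the thread, the rest are constructed.
SAMPLE = [
    'adsl212-115.advancedsl.com.ar - - [15/Aug/2002:19:54:58 -0400] '
    '"GET http://cpcug.org/scripts/env.cgi HTTP/1.0" 404 275 "-" "Mozilla/3.0 (compatible)"',
    '192.0.2.10 - - [20/Aug/2002:02:32:01 -0400] "GET /_blnk.gif HTTP/1.1" 200 56 "-" "-"',
    '192.0.2.20 - - [20/Aug/2002:03:00:00 -0400] '
    '"GET http://other.example.net/ HTTP/1.0" 200 2890 "-" "-"',
    '192.0.2.30 - - [20/Aug/2002:03:05:00 -0400] '
    '"CONNECT mail.example.net:25 HTTP/1.0" 405 300 "-" "-"',
]


def classify(line, local_hosts=LOCAL_HOSTS):
    """Return None for ordinary requests, else a finding for a proxy-style one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    method, target, status = m["method"], m["target"], int(m["status"])
    if method == "CONNECT":
        remote = target.rsplit(":", 1)[0].lower()
    elif "://" in target:
        remote = (urlsplit(target).hostname or "").lower()
    else:
        return None  # origin-form target ("/path"): normal traffic
    if remote in local_hosts:
        return None  # an absolute URL naming this server itself is legal HTTP/1.1
    # 4xx/5xx: nothing was relayed. 2xx/3xx is not proof of relaying (Apache may
    # have served its own content for that path), so check the proxy settings.
    verdict = "refused" if status >= 400 else "review"
    return {"client": m["host"], "remote": remote, "status": status, "verdict": verdict}


def scan(lines):
    return [f for f in map(classify, lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```
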


