attacked? hacked? help.....!
Tom Mitchell
mitch48 at sbcglobal.net
Tue Dec 9 06:13:11 UTC 2003
On Mon, 8 Dec 2003, Lisa Durham wrote:
> Reply-To: fedora-list at redhat.com
>
> I am very new to Linux but was poking around in my newly setup Fedora
> Core 1 system today and came upon the lines below in the Apache Access
> Log when I used the "System Logs" icon in the System Tools Menu.
....
> 24.60.93.48 - - [07/Dec/2003:14:39:47 -0600] "GET /MSADC/root.exe?/c+dir
> HTTP/1.0" 404 325 "-" "-"
Do a google search on each of these.
You will find that 99% are attacks against Microsoft Web
applications that include self propogating viruses with known
fixes from MS.
Some do consume your bandwidth and by creating a zero length file
you can save the bandwidth. Others are simply to be endured.
Some may have cautions that apply to how you set up your server.
For exapple the line "/MSADC/root.exe?/c+dir" might be a MS worm
in the same class as the Nimda worm.
Anyhow Apache is a good server and as long as you do not get too
clever and watch the logs as you are things will be fine.
--
T o m M i t c h e l l
mitch48 -a*t- yahoo-dot-com
More information about the users
mailing list