|
Apache question
I keep getting this entry in my Apache access_log, and i'm wondering what the hell the people are trying to find... mind you there are hundreds of these entry's through out my log starting sometime in may or june.
217.236.213.x - - [04/Sep/2003:08:22:53 -0700] "GET /scripts/nsiislog.dll" 404 |
they are looking for IIS servers.
If the servers are there and not patched they gain access and execute code. Do a google serach to find out what virus/worm/etc it is. Code Red/Nimda/Etc... |
do hosted sites get hit with criminal activity like that?
|
thanks! now i know i have nothing to worry about! :D
Quote:
|
the individual pages probably don't, but i'm sure that the server's do...
Quote:
|
Quote:
|
I don't think its criminal activity to probe at servers, but when you spread a damn worm over the whole planet, now, your pushing it :)
|
probing could be in direct violation with your ISP tho, I know it is with RoadRunner
|
Worms are most likely not criminal activity on behalf of the host connecting to your HTTP server. They probably don't even realize their server is infected.
Nowadays I just ignore the IIS worm crap that hits my servers. There's just no right way to handle them. |
If you run a public HTTP server, you're going to see log entries like that. I run 4 different web servers (all Linux boxes) at different locations, and all get crap like that in the logs.
|
thanks guys, you rock! i always love how quickly and professionally you all answer questions! :D
|
| All times are GMT -8. The time now is 04:24 AM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project