Apache question - Tilted Forum Project Discussion Community

mhlp · 09-05-2003, 01:49 PM

I keep getting this entry in my Apache access_log, and i'm wondering what the hell the people are trying to find... mind you there are hundreds of these entry's through out my log starting sometime in may or june.

217.236.213.x - - [04/Sep/2003:08:22:53 -0700] "GET /scripts/nsiislog.dll" 404

juanvaldes · 09-05-2003, 04:23 PM

they are looking for IIS servers.
If the servers are there and not patched they gain access and execute code.
Do a google serach to find out what virus/worm/etc it is. Code Red/Nimda/Etc...

Asshole Lover · 09-05-2003, 05:19 PM

do hosted sites get hit with criminal activity like that?

mhlp · 09-05-2003, 05:23 PM

thanks! now i know i have nothing to worry about!

Quote:

Originally posted by juanvaldes
they are looking for IIS servers.
If the servers are there and not patched they gain access and execute code.
Do a google serach to find out what virus/worm/etc it is. Code Red/Nimda/Etc...

mhlp · 09-05-2003, 05:24 PM

the individual pages probably don't, but i'm sure that the server's do...

Quote:

Originally posted by Asshole Lover
do hosted sites get hit with criminal activity like that?

juanvaldes · 09-05-2003, 05:47 PM

Quote:

Originally posted by Asshole Lover
do hosted sites get hit with criminal activity like that?

yup. And that's why they better be patched.

meff · 09-05-2003, 06:57 PM

I don't think its criminal activity to probe at servers, but when you spread a damn worm over the whole planet, now, your pushing it

silenced · 09-05-2003, 10:19 PM

probing could be in direct violation with your ISP tho, I know it is with RoadRunner

oberon · 09-05-2003, 10:40 PM

Worms are most likely not criminal activity on behalf of the host connecting to your HTTP server. They probably don't even realize their server is infected.

Nowadays I just ignore the IIS worm crap that hits my servers. There's just no right way to handle them.

Boner · 09-05-2003, 10:51 PM

If you run a public HTTP server, you're going to see log entries like that. I run 4 different web servers (all Linux boxes) at different locations, and all get crap like that in the logs.

mhlp · 09-05-2003, 11:19 PM

thanks guys, you rock! i always love how quickly and professionally you all answer questions!

09-05-2003, 01:49 PM	#1 (permalink)
mhlp Upright Location: San Martin, CA	Apache question I keep getting this entry in my Apache access_log, and i'm wondering what the hell the people are trying to find... mind you there are hundreds of these entry's through out my log starting sometime in may or june. 217.236.213.x - - [04/Sep/2003:08:22:53 -0700] "GET /scripts/nsiislog.dll" 404 __________________ "Every time I look at myself, I can't believe how awesome I am." --Strongbad

09-05-2003, 05:19 PM	#3 (permalink)
Asshole Lover Crazy	do hosted sites get hit with criminal activity like that? __________________ smells like ass, tastes like _______.

09-05-2003, 06:57 PM	#7 (permalink)
meff Vanishing, like I do.. Location: Austin, TX	I don't think its criminal activity to probe at servers, but when you spread a damn worm over the whole planet, now, your pushing it __________________ Toy-like people make me boy-like.

09-05-2003, 10:19 PM	#8 (permalink)
silenced Crazy Location: Upstate NY	probing could be in direct violation with your ISP tho, I know it is with RoadRunner __________________ I am jack's broken heart

09-05-2003, 10:40 PM	#9 (permalink)
oberon Quadrature Amplitude Modulator Location: Denver	Worms are most likely not criminal activity on behalf of the host connecting to your HTTP server. They probably don't even realize their server is infected. Nowadays I just ignore the IIS worm crap that hits my servers. There's just no right way to handle them. __________________ "There are finer fish in the sea than have ever been caught." -- Irish proverb

09-05-2003, 04:23 PM	#2 (permalink)
juanvaldes Banned Location: shittown, CA	they are looking for IIS servers. If the servers are there and not patched they gain access and execute code. Do a google serach to find out what virus/worm/etc it is. Code Red/Nimda/Etc...

09-05-2003, 10:51 PM	#10 (permalink)
Boner Insane Location: Plugged In	If you run a public HTTP server, you're going to see log entries like that. I run 4 different web servers (all Linux boxes) at different locations, and all get crap like that in the logs.

09-05-2003, 11:19 PM	#11 (permalink)
mhlp Upright Location: San Martin, CA	thanks guys, you rock! i always love how quickly and professionally you all answer questions! __________________ "Every time I look at myself, I can't believe how awesome I am." --Strongbad