someone trying to hack me?
i'm pretty new to this unix-stuff that X is giving...
I was just checking my /var/log/httpd/error_log and I noticed:
[code][Mon Mar 10 14:58:49 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/root.exe
[Mon Mar 10 14:58:50 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/MSADC/root.exe
[Mon Mar 10 14:58:51 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/c/winnt/system32/cmd.exe
[Mon Mar 10 14:58:52 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/d/winnt/system32/cmd.exe
[Mon Mar 10 14:58:53 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..%5c../winnt/system32/cmd.exe
[Mon Mar 10 14:58:55 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Mon Mar 10 14:59:05 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Mon Mar 10 14:59:08 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/msadc/..%5c../..%5c../..%5c/..¡../..¡../..¡../winnt/system32/cmd.exe
[Mon Mar 10 14:59:09 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..¡../winnt/system32/cmd.exe
[Mon Mar 10 14:59:20 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..¿Ø../winnt/system32/cmd.exe
[Mon Mar 10 14:59:30 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..¡ú../winnt/system32/cmd.exe
[Mon Mar 10 14:59:42 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..%5c../winnt/system32/cmd.exe
[Mon Mar 10 14:59:43 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..%2f../winnt/system32/cmd.exe
[Mon Mar 10 15:30:39 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/root.exe
[Mon Mar 10 15:30:44 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/MSADC/root.exe
[Mon Mar 10 18:07:54 2003] [error] [client 80.195.237.193] File does not exist: /Library/WebServer/Documents/scripts/root.exe
[Mon Mar 10 18:07:54 2003] [error] [client 80.195.237.193] File does not exist: /Library/WebServer/Documents/MSADC/root.exe
[Mon Mar 10 18:07:55 2003] [error] [client 80.195.237.193] File does not exist: /Library/WebServer/Documents/c/winnt/system32/cmd.exe
[Mon Mar 10 18:07:55 2003] [error] [client 80.195.237.193] File does not exist: /Library/WebServer/Documents/d/winnt/system32/cmd.exe</pre><hr></blockquote>
that's 20 entries in 3 hours... as you can imagine I have an error_log from a few MB...
I'm behind an Airport that only has ports 80 and 427 open...
What am I supposed to do with this? ignore or report?
Also noticed that these logs don't get cleaned by MacJanitor. Do they ever get cleaned (besides manually?)
tnx
crooked_spoon
I was just checking my /var/log/httpd/error_log and I noticed:
[code][Mon Mar 10 14:58:49 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/root.exe
[Mon Mar 10 14:58:50 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/MSADC/root.exe
[Mon Mar 10 14:58:51 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/c/winnt/system32/cmd.exe
[Mon Mar 10 14:58:52 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/d/winnt/system32/cmd.exe
[Mon Mar 10 14:58:53 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..%5c../winnt/system32/cmd.exe
[Mon Mar 10 14:58:55 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Mon Mar 10 14:59:05 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Mon Mar 10 14:59:08 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/msadc/..%5c../..%5c../..%5c/..¡../..¡../..¡../winnt/system32/cmd.exe
[Mon Mar 10 14:59:09 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..¡../winnt/system32/cmd.exe
[Mon Mar 10 14:59:20 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..¿Ø../winnt/system32/cmd.exe
[Mon Mar 10 14:59:30 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..¡ú../winnt/system32/cmd.exe
[Mon Mar 10 14:59:42 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..%5c../winnt/system32/cmd.exe
[Mon Mar 10 14:59:43 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..%2f../winnt/system32/cmd.exe
[Mon Mar 10 15:30:39 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/root.exe
[Mon Mar 10 15:30:44 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/MSADC/root.exe
[Mon Mar 10 18:07:54 2003] [error] [client 80.195.237.193] File does not exist: /Library/WebServer/Documents/scripts/root.exe
[Mon Mar 10 18:07:54 2003] [error] [client 80.195.237.193] File does not exist: /Library/WebServer/Documents/MSADC/root.exe
[Mon Mar 10 18:07:55 2003] [error] [client 80.195.237.193] File does not exist: /Library/WebServer/Documents/c/winnt/system32/cmd.exe
[Mon Mar 10 18:07:55 2003] [error] [client 80.195.237.193] File does not exist: /Library/WebServer/Documents/d/winnt/system32/cmd.exe</pre><hr></blockquote>
that's 20 entries in 3 hours... as you can imagine I have an error_log from a few MB...
I'm behind an Airport that only has ports 80 and 427 open...
What am I supposed to do with this? ignore or report?
Also noticed that these logs don't get cleaned by MacJanitor. Do they ever get cleaned (besides manually?)
tnx
crooked_spoon
Comments
In other words, since you're running Apache on MacOS X, you're immune.
But it *is* annoying. These folks are infected and don't realize it (or don't care). I report these to my ISP regularly, and they block them out or even (gasp) contact them if they're on the ISP network and tell them to clean up their system.