someone trying to hack me?

Posted:
in Genius Bar edited January 2014
i'm pretty new to this unix-stuff that X is giving...

I was just checking my /var/log/httpd/error_log and I noticed:

[code][Mon Mar 10 14:58:49 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/root.exe

[Mon Mar 10 14:58:50 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/MSADC/root.exe

[Mon Mar 10 14:58:51 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/c/winnt/system32/cmd.exe

[Mon Mar 10 14:58:52 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/d/winnt/system32/cmd.exe

[Mon Mar 10 14:58:53 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..%5c../winnt/system32/cmd.exe

[Mon Mar 10 14:58:55 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe

[Mon Mar 10 14:59:05 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe

[Mon Mar 10 14:59:08 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/msadc/..%5c../..%5c../..%5c/..¡../..¡../..¡../winnt/system32/cmd.exe

[Mon Mar 10 14:59:09 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..¡../winnt/system32/cmd.exe

[Mon Mar 10 14:59:20 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..¿Ø../winnt/system32/cmd.exe

[Mon Mar 10 14:59:30 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..¡ú../winnt/system32/cmd.exe

[Mon Mar 10 14:59:42 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..%5c../winnt/system32/cmd.exe

[Mon Mar 10 14:59:43 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/..%2f../winnt/system32/cmd.exe

[Mon Mar 10 15:30:39 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/scripts/root.exe

[Mon Mar 10 15:30:44 2003] [error] [client 80.136.191.96] File does not exist: /Library/WebServer/Documents/MSADC/root.exe

[Mon Mar 10 18:07:54 2003] [error] [client 80.195.237.193] File does not exist: /Library/WebServer/Documents/scripts/root.exe

[Mon Mar 10 18:07:54 2003] [error] [client 80.195.237.193] File does not exist: /Library/WebServer/Documents/MSADC/root.exe

[Mon Mar 10 18:07:55 2003] [error] [client 80.195.237.193] File does not exist: /Library/WebServer/Documents/c/winnt/system32/cmd.exe

[Mon Mar 10 18:07:55 2003] [error] [client 80.195.237.193] File does not exist: /Library/WebServer/Documents/d/winnt/system32/cmd.exe</pre><hr></blockquote>



that's 20 entries in 3 hours... as you can imagine I have an error_log from a few MB...

I'm behind an Airport that only has ports 80 and 427 open...

What am I supposed to do with this? ignore or report?

Also noticed that these logs don't get cleaned by MacJanitor. Do they ever get cleaned (besides manually?)



tnx

crooked_spoon

Comments

  • Reply 1 of 1
    kickahakickaha Posts: 8,760member
    Those are Code Red and Nimda Windows virii trying to attack your Windows IIS web server.



    In other words, since you're running Apache on MacOS X, you're immune.



    But it *is* annoying. These folks are infected and don't realize it (or don't care). I report these to my ISP regularly, and they block them out or even (gasp) contact them if they're on the ISP network and tell them to clean up their system.
Sign In or Register to comment.