Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Danny Wong on January 14, 2003, 08:42:31 AM

Title: What has happened?
Post by: Danny Wong on January 14, 2003, 08:42:31 AM
My HTTPD error log is full of these.  

[Mon Jan 13 16:51:24 2003] [error] [client 67.40.2.115] File does not exist: /home/e-smith/files/primary/html/scripts/..Á../winnt/system32/cmd.exe

Does anyone know if this is a worm attack, or just some fool wishing I had a vulnerable windows machine, or what?
Title: Re: What has happened?
Post by: Thomas Kristensen on January 14, 2003, 09:57:59 AM
The line shows an attack by the Nimda virus; it is safe to ignore it...

Hope this helps,
Thomas Kristensen
Title: Re: What has happened?
Post by: Bill Talcott on January 14, 2003, 05:46:36 PM
http://myezserver.com/downloads/mitel/contrib/apache-hits/ is a script that will parse your log files and show how many times your server has been scanned for Nimda and CodeRed. You can see ours at http://www.chrouch.com/worms/ if you're interested.
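
A minimal sketch of the kind of tally such a script produces, as an added example that is not part of the original post and is not the apache-hits script itself: it counts probe lines per worm and the number of distinct source addresses. The signature patterns, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed signatures: request paths commonly associated with these worms.
# They are not taken from the apache-hits script.
SIGNATURES = {
    "Nimda": re.compile(r"(cmd|root)\.exe", re.IGNORECASE),
    "CodeRed": re.compile(r"default\.ida", re.IGNORECASE),
}
# Client address as it appears in error_log and in access_log lines.
ERROR_LOG_CLIENT = re.compile(r"\[client (\d{1,3}(?:\.\d{1,3}){3})\]")
ACCESS_LOG_CLIENT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) ")

def classify(line):
    """Return (worm, client_ip) for a probe line, or None for anything else."""
    m = ERROR_LOG_CLIENT.search(line) or ACCESS_LOG_CLIENT.match(line)
    if not m:
        return None
    for worm, pattern in SIGNATURES.items():
        if pattern.search(line):
            return worm, m.group(1)
    return None

def summarize(lines):
    """Map each worm to (number of probe lines, number of distinct clients)."""
    hits = Counter()
    sources = defaultdict(set)
    for line in lines:
        result = classify(line)
        if result:
            worm, ip = result
            hits[worm] += 1
            sources[worm].add(ip)
    return {worm: (hits[worm], len(sources[worm])) for worm in hits}

# Constructed sample lines using documentation-range addresses.
DOCROOT = "/home/e-smith/files/primary/html"
SAMPLE = [
    f"[Mon Jan 13 16:51:24 2003] [error] [client 192.0.2.10] File does not exist: {DOCROOT}/scripts/root.exe",
    f"[Mon Jan 13 16:51:25 2003] [error] [client 192.0.2.10] File does not exist: {DOCROOT}/scripts/winnt/system32/cmd.exe",
    f"[Mon Jan 13 17:02:03 2003] [error] [client 198.51.100.4] File does not exist: {DOCROOT}/MSADC/root.exe",
    '203.0.113.9 - - [13/Jan/2003:17:10:41 -0500] "GET /default.ida?NNNN HTTP/1.0" 404 283',
    f"[Mon Jan 13 17:15:00 2003] [error] [client 192.0.2.55] File does not exist: {DOCROOT}/favicon.ico",
]

if __name__ == "__main__":
    for worm, (count, clients) in summarize(SAMPLE).items():
        print(f"{worm}: {count} probes from {clients} distinct clients")
```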
Title: Re: What has happened?
Post by: Brian Read on January 15, 2003, 02:16:25 PM
I run this and get "cannot find access log".

I checked the php, and also my server (5.5u2) and the path is correct.

Any ideas?

Brian
Title: Re: What has happened?
Post by: Jens Kruuse on January 15, 2003, 06:13:52 PM
Does your webserver user (www) have read access to the logfile?
Title: Re: What has happened?
Post by: Brian Read on January 16, 2003, 08:35:28 AM
Here's the relevant info:

[root@server01 httpd]# ls -l access_log
lrwxrwxrwx    1 root     root           25 Jan 15 01:12 access_log -> access_log.20030115011203
[root@server01 httpd]# ls -l access*
lrwxrwxrwx    1 root     root           25 Jan 15 01:12 access_log -> access_log.20030115011203
-rw-r--r--    1 root     root        81589 Dec 14 21:29 access_log.20021208011204
-rw-r--r--    1 root     root        96745 Dec 21 08:39 access_log.20021215011203
-rw-r--r--    1 root     root        64286 Dec 28 20:21 access_log.20021222011203
-rw-r--r--    1 root     root        38788 Dec 31 15:00 access_log.20021229011200
-rw-r--r--    1 root     root       161770 Jan  7 17:52 access_log.20030101011203
-rw-r--r--    1 root     root       118149 Jan 14 23:00 access_log.20030108011202
-rw-r--r--    1 root     root        31477 Jan 16 04:52 access_log.20030115011203
[root@server01 httpd]#

Cheers

Brian