Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Apache(Perl?) error

by r_mehmed (Sexton)
on Jan 31, 2003 at 15:29 UTC ( #231641=perlquestion: print w/ replies, xml ) Need Help??
r_mehmed has asked for the wisdom of the Perl Monks concerning the following question:

Dear monks, Does anyone know what these errors mean?
[Fri Jan 31 14:56:47 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/scripts [Fri Jan 31 14:56:52 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/MSADC [Fri Jan 31 14:56:58 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/c [Fri Jan 31 14:57:03 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/d [Fri Jan 31 14:57:08 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/scripts [Fri Jan 31 14:57:13 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/_vti_bin [Fri Jan 31 14:57:19 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/_mem_bin [Fri Jan 31 14:57:27 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/msadc [Fri Jan 31 14:57:32 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/scripts [Fri Jan 31 14:57:42 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/scripts [Fri Jan 31 14:57:48 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/scripts [Fri Jan 31 14:58:03 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/scripts
First thing off, is that I never request these files. As I was browsing my error log I found that this occurs every now and then. Not that I do something strange in my Perl scripts.I also checked Apache's access.log,and the IP address that requests them is different then mine. I wander if this has anything to do with Perl's -w???
The worriying thing is that in access.log i have a line that reads 172.181.45.176 - - [31/Jan/2003:14:58:03 +0000] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298,which is I guess the Command Prompt!!! Could my computer be used as a spam generator??????
thanks
r_mehmed
novice

Comment on Apache(Perl?) error
Select or Download Code
Re: Apache(Perl?) error
by Heidegger (Hermit) on Jan 31, 2003 at 15:33 UTC
    I've also noticed this message in my logs. Looks as if someone's looking for a root.exe, cmd.exe files. I put a password on my Apache with .htaccess and it stopped ;-)
Re: Apache(Perl?) error
by dempa (Friar) on Jan 31, 2003 at 15:36 UTC

    These are traces of someone probing for open security holes (Nimda etc) in IIS. You should be safe with Apache.

    -- 
    dempa

Re: Apache(Perl?) error
by moxliukas (Curate) on Jan 31, 2003 at 15:44 UTC

    No, this is very probably worm activity. Nothing serious unless you run Windows IIS ;)

    It has nothing to do with Perl. I get tons of these every day on my servers. Nothing to worry about especially when the servers run Linux ;)

Re: Apache(Perl?) error
by Anonymous Monk on Jan 31, 2003 at 15:49 UTC
    http://www.der-keiler.de/Mailing-Lists/Securiteam/2002-02/0104.html
    Home > Mailing-Lists > Securiteam > 2002-02 Newsgroups Recommendat +ions Privacy [NT] Phusion Webserver File Viewing, DoS and Arbitr +ary Code Execution Vulnerabilities From: support@securiteam.com Date: 02/17/02 Previous message: support@securiteam.com: "[UNIX] MPG123 Local Buffer +Overflow Vulnerability (Command Line)" Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attac +hment ] ---------------------------------------------------------------------- +---------- From: support@securiteam.com To: list@securiteam.com Date: Sun, 17 Feb 2002 10:51:46 +0100 (CET) The following security advisory is sent to the securiteam mailing list +, and can be found at the SecuriTeam web site: http://www.securiteam. +com - - promotion When was the last time you checked your server's security? How about a monthly report? http://www.AutomatedScanning.com - Know that you're safe. - - - - - - - - - Phusion Webserver File Viewing, DoS and Arbitrary Code Execution Vulnerabilities ---------------------------------------------------------------------- +-- SUMMARY <http://www.bbshareware.com/> Phusion Webserver Server is an Webserve +r for Windows 9x/NT/2000. Multiple security vulnerabilities have been fo +und in the product that allow remote attackers to launch a denial-of-servi +ce, retrieve files that reside outside the normal HTTP bounding directory, + overflow an internal buffer causing it to execute arbitrary code, and execute arbitrary commands (via a directory traversal bug). DETAILS
Re: Apache(Perl?) error
by hardburn (Abbot) on Jan 31, 2003 at 18:43 UTC

    What we need here is a Perl script that scans for Nimbda requests and automatically retaliates with a full nuclear strike. (Who would have though that atomic fusion can be done in a one-liner?)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://231641]
Approved by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others avoiding work at the Monastery: (4)
As of 2014-09-18 06:36 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    How do you remember the number of days in each month?











    Results (108 votes), past polls