Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

Apache(Perl?) error

by r_mehmed (Sexton)
on Jan 31, 2003 at 15:29 UTC ( #231641=perlquestion: print w/ replies, xml ) Need Help??
r_mehmed has asked for the wisdom of the Perl Monks concerning the following question:

Dear monks, Does anyone know what these errors mean?
[Fri Jan 31 14:56:47 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/scripts [Fri Jan 31 14:56:52 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/MSADC [Fri Jan 31 14:56:58 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/c [Fri Jan 31 14:57:03 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/d [Fri Jan 31 14:57:08 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/scripts [Fri Jan 31 14:57:13 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/_vti_bin [Fri Jan 31 14:57:19 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/_mem_bin [Fri Jan 31 14:57:27 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/msadc [Fri Jan 31 14:57:32 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/scripts [Fri Jan 31 14:57:42 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/scripts [Fri Jan 31 14:57:48 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/scripts [Fri Jan 31 14:58:03 2003] [error] [client 172.181.45.176] File does n +ot exist: C:/Apache2/htdocs/scripts
First thing off, is that I never request these files. As I was browsing my error log I found that this occurs every now and then. Not that I do something strange in my Perl scripts.I also checked Apache's access.log,and the IP address that requests them is different then mine. I wander if this has anything to do with Perl's -w???
The worriying thing is that in access.log i have a line that reads 172.181.45.176 - - [31/Jan/2003:14:58:03 +0000] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298,which is I guess the Command Prompt!!! Could my computer be used as a spam generator??????
thanks
r_mehmed
novice

Comment on Apache(Perl?) error
Select or Download Code
Re: Apache(Perl?) error
by Heidegger (Hermit) on Jan 31, 2003 at 15:33 UTC
    I've also noticed this message in my logs. Looks as if someone's looking for a root.exe, cmd.exe files. I put a password on my Apache with .htaccess and it stopped ;-)
Re: Apache(Perl?) error
by dempa (Friar) on Jan 31, 2003 at 15:36 UTC

    These are traces of someone probing for open security holes (Nimda etc) in IIS. You should be safe with Apache.

    -- 
    dempa

Re: Apache(Perl?) error
by moxliukas (Curate) on Jan 31, 2003 at 15:44 UTC

    No, this is very probably worm activity. Nothing serious unless you run Windows IIS ;)

    It has nothing to do with Perl. I get tons of these every day on my servers. Nothing to worry about especially when the servers run Linux ;)

Re: Apache(Perl?) error
by Anonymous Monk on Jan 31, 2003 at 15:49 UTC
    http://www.der-keiler.de/Mailing-Lists/Securiteam/2002-02/0104.html
    Home > Mailing-Lists > Securiteam > 2002-02 Newsgroups Recommendat +ions Privacy [NT] Phusion Webserver File Viewing, DoS and Arbitr +ary Code Execution Vulnerabilities From: support@securiteam.com Date: 02/17/02 Previous message: support@securiteam.com: "[UNIX] MPG123 Local Buffer +Overflow Vulnerability (Command Line)" Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attac +hment ] ---------------------------------------------------------------------- +---------- From: support@securiteam.com To: list@securiteam.com Date: Sun, 17 Feb 2002 10:51:46 +0100 (CET) The following security advisory is sent to the securiteam mailing list +, and can be found at the SecuriTeam web site: http://www.securiteam. +com - - promotion When was the last time you checked your server's security? How about a monthly report? http://www.AutomatedScanning.com - Know that you're safe. - - - - - - - - - Phusion Webserver File Viewing, DoS and Arbitrary Code Execution Vulnerabilities ---------------------------------------------------------------------- +-- SUMMARY <http://www.bbshareware.com/> Phusion Webserver Server is an Webserve +r for Windows 9x/NT/2000. Multiple security vulnerabilities have been fo +und in the product that allow remote attackers to launch a denial-of-servi +ce, retrieve files that reside outside the normal HTTP bounding directory, + overflow an internal buffer causing it to execute arbitrary code, and execute arbitrary commands (via a directory traversal bug). DETAILS
Re: Apache(Perl?) error
by hardburn (Abbot) on Jan 31, 2003 at 18:43 UTC

    What we need here is a Perl script that scans for Nimbda requests and automatically retaliates with a full nuclear strike. (Who would have though that atomic fusion can be done in a one-liner?)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://231641]
Approved by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (15)
As of 2015-07-02 13:09 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (38 votes), past polls