Security Incidents mailing list archives
Re: Strange entries in Apache access_log
From: Ben Ford <bford () securityexchange net>
Date: Sat, 01 Sep 2001 14:12:34 -0700
Ryan Russell wrote:
On Thu, 30 Aug 2001, Bart Haezeleer wrote:64.225.196.160 - - [24/Aug/2001:21:02:21 +0200] "GET /NULL.printer HTTP/1.0" 404 280Someone is checking if you're vulnerable to this: http://www.securityfocus.com/bid/2674 If you are, it's something to worry about. I think the 404 indicates that you're probably OK, but check anyway. We've been seeing a lok of .printer attempts lately.. For people who are vulnerable, you'll get no indication in the web logs that a successful exploit happened. The only clue is a w3svr restart in the event logs. I tried a couple of the exploits for this hole when it can out, and they work really well.
Err . . I think you missed the fact that he's running Apache, not IIS! ;) -b -- #===================================================================# # More dead people have written in support of Microsoft against the # # DOJ than any other single group, leading UMSA (United MS Shills # # of America) President Steve Barkto to lodge a formal complaint. # #===================================================================# ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Strange entries in Apache access_log Ryan Russell (Sep 01)
- Re: Strange entries in Apache access_log Sven Koch (Sep 02)
- Re: Strange entries in Apache access_log Ben Ford (Sep 02)
- <Possible follow-ups>
- Re: Strange entries in Apache access_log Jose Nazario (Sep 01)
- Re: Strange entries in Apache access_log //Stany (Sep 02)