[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Viruses and apache

Subject: Re: Viruses and apache
From: Dan Shoop <email@hidden>
Date: Fri, 31 Jan 2003 02:11:17 -0500

At 12:48 PM +1100 1/31/03, Dafydd Williams wrote:

Hi all,

Our OS X 10.2.3 machine is getting hit by something that reminds me of a
recent Windows virus. The apache log reveals the following:

---

***.***.***.*** - - [30/Jan/2003:17:31:26 +1100] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 304

---

(incoming IP starred to prevent embarrasment :) )

This is obviously just going to bounce off us, due to the fact we're running
the wrong OS... or is that the right OS? My query is, can I block these IPs
in some way? If so, how?

It's generally not worth the trouble to filter these by IP. They won't do much more than skew your stats, but that can be remedied in the stats programs or you can use it as an indicator of how infected the network is.

YMMV
--

-dhan
via email@hidden

------------------------------------------------------------------------
Dan Shoop 127 East Prospect Street
Consulting Internet Architect Waldwick, NJ 07463
email@hidden

pgp public key available on the canonical key servers
pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B

"Sadly, text alone cannot convey the depths of my sarcasm."
_______________________________________________
macos-x-server mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macos-x-server
Do not post admin requests to the list. They will be ignored.

Follow-Ups:
- Re: Viruses and apache
  - From: Dafydd Williams <email@hidden>

References:
	>Viruses and apache (From: Dafydd Williams <email@hidden>)

Prev by Date: Re: Viruses and apache
Next by Date: Re: setting host aliases (like /etc/hosts)?
Previous by thread: Re: Viruses and apache
Next by thread: Re: Viruses and apache
Index(es):
- Date
- Thread

Home