LinuxSA Mailing list archives

  From: Adam Ingerman <OZ_Prophet@austarnet.com.au>
  To  : <linuxsa@linuxsa.org.au>
  Date: Mon, 28 Jul 2003 01:19:24 +0930

Re: Intrusion attempts in apache access_log

On Mon, 28 Jul 2003 00:33, Michael Martucci wrote:
> Does anyone else get 100's of entries in their apache access log of
> what seem to be attempts to crack a MS-based web server?
>
> See attached log file.
>
>  (I know attachments are frowned upon on mailing lists, but it is
> text/plain and of only 2.5kb. If it is better practice to simply
> inline the text then let me know.)
>
>  Michael.

I was watching my log with tail a while back, and I got several pages worth in 
an hour or two, with those plus a lot of other interesting, MSIE-looking 
attacks, trying to get cmd.exe and all the rest... even though there's a fair 
few HEAD requests, and I dont have apache hiding its ID.
I also get hits with samba from time to time, which isn't suprising either. if 
you feel there's a point, you could log the IP and trace to their ISP, but I 
doubt much would happen

-- 
You're only young once. you can be immature forever.

-- 
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.freenode.net
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject