[oclug]Apache Logs

[Shad Young]

No, there are likely Microsoft Frontpage extensions enabled in your
apache.conf file. Turn them off and the problem goes away.

_vti_bin is part of MS script hosting stuff. Frontpage has the neat property
of maintaining link integrity on a developing site and uses _vti* for this
purpose... Sort of like a CVS system.

Shad


----- Original Message -----
From: "Brian's Linux Box" <b_mckee at myrealbox.com>
To: <oclug at lists.oclug.on.ca>
Sent: Wednesday, October 30, 2002 1:21 PM
Subject: [oclug]Apache Logs


> Good Afternoon All
>
>     Well, www.bmckee.ca is 'on the air'
> Don't bother running over to look unless you want to look at family
> pictures.  Content is pretty thin at the moment.  :-)
>
>     At any rate - I looked at the error log for the first time and as
> startled by what looks to me like script kiddie hacking attempts
> For example
>
> [Sun Oct 27 07:41:42 2002] [error] [client XX.XX.XX.XX] File does not
exist:
> /var/www/html/MSADC/root.exe
>
> And
> [Sun Oct 27 07:42:04 2002] [error] [client XX.XX.XX.XX] File does not
exist:
> /var/www/html/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
>
> Somehow I can't see that working on my RedHat system.
>
> So, judging by how soon these entries started, this obviously is pretty
> common.
> Question one -  Is there anything I can or should do?  I.e. Chase IP
numbers
> back to ISP's and report them?  Add them to the hosts.deny? Or something
> else?  Do any of you that are running webservers take a pro-active
response
> to entries like these or just do your best to bar the door and ignore
them?
>
> Second question - can anyone suggest an Apache for neophytes type book -
> preferable one that contains at least a chapter on security?
>
> Brian
>
> _______________________________________________
> oclug mailing list
> oclug at lists.oclug.on.ca
> http://www.oclug.on.ca/mailman/listinfo/oclug