• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Apache Logs in post - need help deciphering this

episodic

episodic

Lifer
I've got all these separated by occurance (and I removed the IP addresses). Can someone tell me what is occuring? I put my first Apache server online on my home computer a few days ago, and have been getting alot of weird traffic like this.

Are these hack attempts? Do they look like they could have been successful? What are they entering in the browsers to get this?

For instance what do they type into a browser to make apache return "File does not exist c:/apache/apache/htdocs/msadc/root.exe" ?

What is it they are trying to accomplish? Do I have any real worries running the lates apache 1.3* full time?

Thank you for your assistance!

[Thu Jun 03 21:01:23 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/guestbook.php
[Fri Jun 04 07:13:35 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/root.exe
[Fri Jun 04 07:13:35 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/msadc/root.exe
[Fri Jun 04 07:13:35 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/c/winnt/system32/cmd.exe
[Fri Jun 04 07:13:35 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/d/winnt/system32/cmd.exe
[Fri Jun 04 07:13:35 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..%5c/winnt/system32/cmd.exe
[Fri Jun 04 07:13:36 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/_vti_bin/..%5c/..%5c/..%5c/winnt/system32/cmd.exe

More
[Fri Jun 04 07:22:42 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/favicon.ico
[Fri Jun 04 07:22:54 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/favicon.ico
[Fri Jun 04 07:23:01 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/favicon.ic


Some more

[Sat Jun 05 02:31:15 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/root.exe
[Sat Jun 05 02:31:15 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/msadc/root.exe
[Sat Jun 05 02:31:15 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/c/winnt/system32/cmd.exe
[Sat Jun 05 02:31:16 2004] [error] [client File does not exist: c:/apache/apache/htdocs/d/winnt/system32/cmd.exe
[Sat Jun 05 02:31:16 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..%5c/winnt/system32/cmd.exe
[Sat Jun 05 02:31:16 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/_vti_bin/..%5c/..%5c/..%5c/winnt/system32/cmd.exe
[Sat Jun 05 02:31:16 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/_mem_bin/..%5c/..%5c/..%5c/winnt/system32/cmd.exe
[Sat Jun 05 02:31:16 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/msadc/..%5c/..%5c/..%5c/..\xc1\x1c/..\xc1\x1c/..\xc1\x1c/winnt/system32/cmd.exe
[Sat Jun 05 02:31:17 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..\xc1\x1c/winnt/system32/cmd.exe
[Sat Jun 05 02:31:17 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..\xc0\xaf/winnt/system32/cmd.exe
[Sat Jun 05 02:31:17 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..\xc1\x9c/winnt/system32/cmd.exe
[Sat Jun 05 02:31:18 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..%5c/winnt/system32/cmd.exe
[Sat Jun 05 02:31:18 2004] [error] [client File does not exist: c:/apache/apache/htdocs/scripts/..%2f/winnt/system32/cmd.exe

Some more

[Sun Jun 06 12:09:57 2004] [error] [client] File does not exist: c:/apache/apache/htdocs/msadc/root.exe
[Sun Jun 06 12:09:58 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/c/winnt/system32/cmd.exe
[Sun Jun 06 12:09:58 2004] [error] [client File does not exist: c:/apache/apache/htdocs/d/winnt/system32/cmd.exe
[Sun Jun 06 12:09:58 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..%5c/winnt/system32/cmd.exe
[Sun Jun 06 12:09:58 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/_vti_bin/..%5c/..%5c/..%5c/winnt/system32/cmd.exe
[Sun Jun 06 12:09:58 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/_mem_bin/..%5c/..%5c/..%5c/winnt/system32/cmd.exe
[Sun Jun 06 12:09:59 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/msadc/..%5c/..%5c/..%5c/..\xc1\x1c/..\xc1\x1c/..\xc1\x1c/winnt/system32/cmd.exe
[Sun Jun 06 12:09:59 2004] [error] [client ile does not exist: c:/apache/apache/htdocs/scripts/..\xc1\x1c/winnt/system32/cmd.exe
[Sun Jun 06 12:09:59 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..\xc0\xaf/winnt/system32/cmd.exe
[Sun Jun 06 12:09:59 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..\xc1\x9c/winnt/system32/cmd.exe
[Sun Jun 06 12:10:00 2004] [error] [client File does not exist: c:/apache/apache/htdocs/scripts/..%5c/winnt/system32/cmd.exe
[Sun Jun 06 12:10:00 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..%2f/winnt/system32/cmd.exe
[Sun Jun 06 13:28:09 2004] [error] [client ] request failed: URI too long
[Sun Jun 06 18:30:29 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/root.exe
[Sun Jun 06 18:30:29 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/msadc/root.exe
[Sun Jun 06 18:30:29 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/c/winnt/system32/cmd.exe
[Sun Jun 06 18:30:29 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/d/winnt/system32/cmd.exe
[Sun Jun 06 18:30:29 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..%5c/winnt/system32/cmd.exe
[Sun Jun 06 18:30:30 2004] [error] [client File does not exist: c:/apache/apache/htdocs/_vti_bin/..%5c/..%5c/..%5c/winnt/system32/cmd.exe
[Sun Jun 06 18:30:30 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/_mem_bin/..%5c/..%5c/..%5c/winnt/system32/cmd.exe
[Sun Jun 06 18:30:30 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/msadc/..%5c/..%5c/..%5c/..\xc1\x1c/..\xc1\x1c/..\xc1\x1c/winnt/system32/cmd.exe
[Sun Jun 06 18:30:30 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..\xc1\x1c/winnt/system32/cmd.exe
[Sun Jun 06 18:30:30 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..\xc0\xaf/winnt/system32/cmd.exe
[Sun Jun 06 18:30:30 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..\xc1\x9c/winnt/system32/cmd.exe
[Sun Jun 06 18:30:31 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..%5c/winnt/system32/cmd.exe
[Sun Jun 06 18:30:31 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..%2f/winnt/system32/cmd.exe

[Fri Jun 04 07:13:36 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/_mem_bin/..%5c/..%5c/..%5c/winnt/system32/cmd.exe
[Fri Jun 04 07:13:36 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/msadc/..%5c/..%5c/..%5c/..\xc1\x1c/..\xc1\x1c/..\xc1\x1c/winnt/system32/cmd.exe
[Fri Jun 04 07:13:36 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..\xc1\x1c/winnt/system32/cmd.exe
[Fri Jun 04 07:13:37 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..\xc0\xaf/winnt/system32/cmd.exe
[Fri Jun 04 07:13:37 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..\xc1\x9c/winnt/system32/cmd.exe
[Fri Jun 04 07:13:37 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..%5c/winnt/system32/cmd.exe
[Fri Jun 04 07:13:38 2004] [error] [client ] File does not exist: c:/apache/apache/htdocs/scripts/..%2f/winnt/system32/cmd.exe
 
The ones looking for cmd.exe look like they could be a script trying to exploit IIS (especially the ones referencing something under _vti_bin or _mem_bin). If they were typing something into a browser, it would be something like: http://[i IP address or domain>[/i]/guestbook.php (using the example of the first entry). Looking at those logs, I can see you're running Apache on a Windows sytem, and have your apache document root set to c:\apache\apache\htdocs.

The fact that those entries are showing up as errors means the attempts were unsuccessful. The server responded as it should have (presumably) by responding to the attempts with a "404: File not found" error.

JW
 
root.exe and cmd.exe are typical code red v2(?) attempts. They happen. The favicon is that little Anandtech A or whatever in the address bar. You don't have a favicon so someone looking for one won't find one.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top