Apache Logs... was someone trying to hack me?

Netopia

Diamond Member
Oct 9, 1999
Can I assume that the following in my Apache logs means that someone was probing to see if:

A) I was an IIS Server
and
B) Could they gain access

Is there anything I should do about LOTS of entries like this in my Apache logs? It would take way too much time to try to contact the ISP of each offending IP, so I'm not sure if I could do anything at all.

Joe
 

Cheetah8799

Diamond Member
Apr 12, 2001
If the IP addresses are changing quickly then it is probably the same hacker who is spoofing a bunch of random IP addresses. There isn't much you can do if that is the case. If however it is one or two IP addresses, you can configure your firewall to block those IPs.
 

Netopia

Which brings up another issue for me....

I'm running RH9 and although I can easily get to their basic little firewall applet, where are the files that I can actually configure to customize the firewall? Anyone?

Joe
 

Nothinman

Elite Member
Sep 14, 2001
It's probably just CodeRed or Nimda trying to spread itself, there's still a ton of stupid IIS admins out there with unpatched servers.
 

Cheetah8799

I'm not sure how to configure the firewall in RH9. There should be plenty of documentation for that though, check at redhat to see if they have any tutorials.

As for CodeRed or Nimda, you're probably right. Any system infected might just be scanning the internet for someone to attack and your web server just happened to be in its path...

 

EmperorRob

Senior member
Mar 12, 2001
I can't speak for the guis but I just use iptables-save and iptables-restore for my RH machine.
 

Netopia

I ended up using lokkit for a quick change. Wish there were something more gui'ish, but I probably need to knuckle under and learn the configs by hand.

Thanks for all the responses.

Joe
 

Netopia

Actually, the firewall config was for another machine that also has internet accessibility for http and ftp through a hardware firewall and I wanted to open up ports 137 and 139 (inside the firewall... for LAN usage) so that I could access the box through SMB.

I'm still learning about *nix, haven't taken any classes and only have one friend who's interested, so it's slow going but I'm learning every step of the way! :)

Joe
 

Cheetah8799

Why care? well, have I got a story for you!

About 6 or 7 months ago at work I had a guy in India of all places bombard our primary web server with attempts to run various IIS scripts and such. It was probably some virus, but it caused a lot of problems for us because his servers were requesting pages from our server at an extremely high rate of speed. The log files got so huge that the hard drive filled up and the system basically crashed...

anyway, not the most impressive story, but that's why I would care...
 

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: Cheetah8799
Why care? well, have I got a story for you!

About 6 or 7 months ago at work I had a guy in India of all places bombard our primary web server with attempts to run various IIS scripts and such. It was probably some virus, but it caused a lot of problems for us because his servers were requesting pages from our server at an extremely high rate of speed. The log files got so huge that the hard drive filled up and the system basically crashed...

anyway, not the most impressive story, but that's why I would care...

Sounds like an administration error...
 

Nothinman

Originally posted by: Cheetah8799
Why care? well, have I got a story for you!

About 6 or 7 months ago at work I had a guy in India of all places bombard our primary web server with attempts to run various IIS scripts and such. It was probably some virus, but it caused a lot of problems for us because his servers were requesting pages from our server at an extremely high rate of speed. The log files got so huge that the hard drive filled up and the system basically crashed...

anyway, not the most impressive story, but that's why I would care...

I know that can happen, but it doesn't sound like that's the case here. If you're like everyone else you get a few requests an hour from CodeRed/Nimda boxes so it doesn't affect performance.
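
Added example, not part of the original thread and not any poster's code: a small triage script for the question discussed above, which counts IIS-targeted probes in an Apache access log per worm family and per source IP, and only lists an IP as a firewall-block candidate when it repeats. The probe patterns are the commonly logged CodeRed (`/default.ida?`) and Nimda (`cmd.exe` / `root.exe` with `?/c+`) request shapes; the log lines, IP addresses and `block_threshold` are constructed assumptions.

```python
import re
from collections import Counter

# Probe paths aimed at IIS; on Apache they only produce 404s (patterns are assumptions).
IIS_PROBES = {
    "CodeRed": re.compile(r"^/default\.ida\?", re.I),
    "Nimda": re.compile(r"(cmd|root)\.exe\?/c\+", re.I),
}
# Common/combined log format: host ident user [time] "METHOD path proto" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jun/2003:04:11:02 -0400] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 276',
    '198.51.100.7 - - [12/Jun/2003:04:15:40 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280',
    '198.51.100.7 - - [12/Jun/2003:04:15:41 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 278',
    '198.51.100.7 - - [12/Jun/2003:04:15:41 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300',
    '203.0.113.5 - - [12/Jun/2003:04:20:00 -0400] "GET /index.html HTTP/1.1" 200 5120',
]

def classify(path):
    """Return the worm family a request path matches, or None."""
    for family, pattern in IIS_PROBES.items():
        if pattern.search(path):
            return family
    return None

def triage(lines, block_threshold=3):
    """Count IIS-style probes per family and per source IP.

    block_threshold is a hypothetical cutoff: only IPs at or above it are
    returned as firewall-block candidates; one-off worm hits are not.
    """
    per_family, per_ip = Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # malformed or non-request line
        ip, path, _status = m.groups()
        family = classify(path)
        if family:
            per_family[family] += 1
            per_ip[ip] += 1
    candidates = sorted(ip for ip, n in per_ip.items() if n >= block_threshold)
    return per_family, per_ip, candidates

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Pass it the lines of a real `access_log` in place of `SAMPLE_LOG`; a long list of sources with one or two hits each matches the worm background noise described in the thread, while a short list of high-count sources is the case where a firewall rule is practical.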