I run Apache HTTP server and an Serv-U FTP server. While checking the error.log file for Apache yesterday, I noticed it was _enormous_ and filled with repeated attempts since mid September (when I put Apache up..) that resulted in errors like this:
[Mon Oct 29 13:30:52 2001] [error] [client 24.25.230.223] File does not exist: c:/program files/apache group/apache/htdocs/_mem_bin/..%5c/..%5c/..%5c/winnt/system32/cmd.exe
[Mon Oct 29 13:30:52 2001] [error] [client 24.25.230.223] File does not exist: c:/program files/apache group/apache/htdocs/msadc/..%5c/..%5c/..%5c/..Á /..Á /..Á /winnt/system32/cmd.exe
[Mon Oct 29 13:30:53 2001] [error] [client 24.25.230.223] File does not exist: c:/program files/apache group/apache/htdocs/scripts/..Á /winnt/system32/cmd.exe
[Mon Oct 29 13:30:53 2001] [error] [client 24.25.230.223] File does not exist: c:/program files/apache group/apache/htdocs/scripts/..À¯/winnt/system32/cmd.exe
I'm assuming this is that CodeRed worm? The box is running Windows 2000, but I'm not running any of the IIS utilities, I chose to rather just use Apache and Serv-U to avoid being effected by the possible Worms going around.
Like I said, those logs above go on for months, and occur about every second - my log file is over 6mb filled only with those errors. Even if my computer is not being infected with this worm, is there anyway I can _block_ this? I assume it must have some negative consequences for someone to be hammering the box every second of the day..
[Mon Oct 29 13:30:52 2001] [error] [client 24.25.230.223] File does not exist: c:/program files/apache group/apache/htdocs/_mem_bin/..%5c/..%5c/..%5c/winnt/system32/cmd.exe
[Mon Oct 29 13:30:52 2001] [error] [client 24.25.230.223] File does not exist: c:/program files/apache group/apache/htdocs/msadc/..%5c/..%5c/..%5c/..Á /..Á /..Á /winnt/system32/cmd.exe
[Mon Oct 29 13:30:53 2001] [error] [client 24.25.230.223] File does not exist: c:/program files/apache group/apache/htdocs/scripts/..Á /winnt/system32/cmd.exe
[Mon Oct 29 13:30:53 2001] [error] [client 24.25.230.223] File does not exist: c:/program files/apache group/apache/htdocs/scripts/..À¯/winnt/system32/cmd.exe
I'm assuming this is that CodeRed worm? The box is running Windows 2000, but I'm not running any of the IIS utilities, I chose to rather just use Apache and Serv-U to avoid being effected by the possible Worms going around.
Like I said, those logs above go on for months, and occur about every second - my log file is over 6mb filled only with those errors. Even if my computer is not being infected with this worm, is there anyway I can _block_ this? I assume it must have some negative consequences for someone to be hammering the box every second of the day..
