[ale] stupid question to the apache experts
greg at turnstep.com
greg at turnstep.com
Thu Aug 23 07:44:34 EDT 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Going through my log just now and I see a GET to a fully qualified
> url that is in no way related to my site. Anyone explain to me how
> this could happen? A screwed up dns? Why wouldn't this show up in
> my error_log?
Could be the Code Red [123] Worm. If the entry is a request for
"default.ida" with a whole bunch of garbage afterwards, it's
the worm. Of course, as an Apache user you have nothing at
all to worry about. :) Check the fourth to last field for the code
that the browser returned. If it's a 400 series, then you should
also have a line in the error_log. (This code comes right after
the GET request.) For example, here are two recent entries
from my access_log:
(the actual requests are hundreds of characters long, trimmed
to save space)
207.197.158.22 - - [23/Aug/2001:03:50:38 -0400]
"GET /default.ida?XXX%u909%u00=a HTTP/1.0" 403 273 "-" "-"
212.213.219.229 - - [23/Aug/2001:07:01:26 -0400]
"GET /default.ida?XXX%u00=a HTTP/1.0" 404 1589 "-" "-"
Both have 400 error codes (access denied and file not found) so show up in
the error log as well. In the future, please
go ahead and post the relevant line from the access_log
to the list (edited for privacy if you wish), as all of this
is only a guess. :)
Greg Sabino Mullane
- ----------------------------------------------------------------
/~\ The ASCII
\ / Ribbon Campaign *greg at turnstep.com*
X Against HTML PGP Key: 0x14964AC8
/ \ Email! 200108220742
-----BEGIN PGP SIGNATURE-----
Comment: http://www.turnstep.com/pgp.html
iQA/AwUBO4TsgLybkGcUlkrIEQJoWQCeOVz9JHjUDuhA+aJgbYXiGmJdymc
AoKtB
TXfDJxvsZEwOvifu0miYnq7n
=PxKj
-----END PGP SIGNATURE-----
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list