Recently I saw an increase of strange entries in our apache error_log. They look like rejected attacks since none of the listed files/directories exist. Of course, I am wondering how much the attacker sees of those files that DO exist (and therefore, would not produce an error log) ??? (the access log shows nothing related)
The STRANGE thing is the LACK of time stamp and requesting URL !?! (the first line in example below shows the format of a regular error) Is that an exploit that looks familiar to any one ? - Horst [Tue Sep 3 14:28:55 2002] [error] [client 204.234.x.y] File does not exist: /home/httpd/html/.... sh: /etc/rc.d/init.d/httpsd: No such file or directory sh: /etc/rc.d/init.d/inet: No such file or directory grep: /var/log/httpd/access_log.2: No such file or directory grep: /var/log/httpd/access_log.3: No such file or directory grep: /var/log/httpd/access_log.4: No such file or directory grep: /var/log/httpd/access_log.5: No such file or directory grep: /var/log/httpd/access_log.6: No such file or directory _______________________________________________ Eug-lug mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
