IIS, mod_jk2, NIMDA, warnings, weird messages
I'm receiving some interesting warning messages from the mod_jk2 connector and from IIS in general. In my IIS Log: 2003-03-04 09:14:08 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /_vti_cnf/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:14:10 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:14:11 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /adsamples/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:14:12 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:14:12 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /c/winnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:14:14 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /cgi-bin/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:14:15 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:14:16 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /d/winnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:14:17 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /iisadmpwd/..%2f..%2f..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:14:17 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:14:19 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 - - - 400 - 2003-03-04 09:14:19 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 - - - 400 - 2003-03-04 09:14:21 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:14:22 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:14:41 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 - - - 400 - 2003-03-04 09:14:41 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:14:43 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:14:43 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:15:22 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /samples/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:15:24 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:15:25 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:15:25 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /scripts/.%2e/.%2e/winnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:15:27 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 - - - 400 - 2003-03-04 09:15:27 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 - - - 400 - 2003-03-04 09:15:29 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /scripts/..%5c../winnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:15:30 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /scripts/..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:15:30 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /scripts/..%2f../winnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:15:30 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /scripts/..%5c%5c../winnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:15:35 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /scripts/..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:15:37 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /scripts/..%5c../winnt/system32/cmd.exe /c+dir+c:\ 403 - 2003-03-04 09:15:43 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 HEAD /scripts/..A..A..A..Awinnt/system32/cmd.exe /c+dir+c:\ 403 - Note: I've removed the IP addresses from the above messages and replaced with xxx.xxx.xxx.xxx. ** ** In my Windows Application Event Log: Error: [jk_isapi_plugin.c (316)]: HttpFilterProc [/scripts/..%5c../winnt/system32/cmd.exe] contains one or more invalid escape sequences. Error: [jk_isapi_plugin.c (316)]: HttpFilterProc [/scripts/..%5c../winnt/system32/cmd.exe] contains one or more invalid escape sequences. Emerg: [jk_isapi_plugin.c (324)]: HttpFilterProc [/scripts/..A/../winnt/system32/cmd.exe] contains forbidden escape sequences. etc These emergencies and errors are followed by many warnings indicating that the connector workers have failed to forward to my Tomcat instance. The workers are latter re-enabled. These warning messages appear about every 4-5 hours. Initially, they don't seem to affect the tomcat connector, but, after the warnings are logged, if a user accesses the site, it takes an exceptionally long time for a page to be served. In watching the logs, the connector is reporting a bunch of connection failures, but it eventually recovers and re-enables. The site works fine afterwards. On some
Weird messages
Hi, I'm lurking here about two weeks and I would have a few questions about the weird messages in this list: Is the following normal, accepted or simply `we must live with it'? - html post - top post (ie.: reply _above_ the quoted message) - big sigblocks (over 4-5 lines) - original post/question as a reply to a message in an absolutelly unrelated thread Or there is no chance to explain this to the users of this list why all of the above is bad habit/technique? (I'm not wondering when I look at the headers from the weird posts, especially at the `X-Mailer' field.) Sorry for my english! -zsolt -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Weird messages
Hi Zsolt, I personally find it best to read the response on top and to be able to afterwards read the full request if necessary. So I don't need to search it between the hundreds of messages that come during a day. As bandwiths doesn't matter today, the increased size shouldn't be a problem. Concerning the format I would prefer not to have these messages with whole paragraphs in one line, but that's my opinion. Regards. Andreas On 12 Dec 2002 at 14:28, Zsolt Antal wrote: Hi, I'm lurking here about two weeks and I would have a few questions about the weird messages in this list: Is the following normal, accepted or simply `we must live with it'? - html post - top post (ie.: reply _above_ the quoted message) - big sigblocks (over 4-5 lines) - original post/question as a reply to a message in an absolutelly unrelated thread Or there is no chance to explain this to the users of this list why all of the above is bad habit/technique? (I'm not wondering when I look at the headers from the weird posts, especially at the `X-Mailer' field.) Sorry for my english! -zsolt -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Weird messages
Yeah, I see top posts as personal preference too, and often not something configurable in your reader. And, as long as you are careful in how you word your reply, the message may end up more readable than an inline-response. (Though there are definite times for both). The others are notorious netiquette items. Often the person just needs a gentle (private) reminder. I sent HTML posts for quite a long time, unaware my mail reader had me in that mode by default. Somebody was nice enough to point that out to me, much to my embarrasment. Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., the leading provider of Net business solutions http://www.novell.com [EMAIL PROTECTED] 12/12/02 3:46:58 PM Hi Zsolt, I personally find it best to read the response on top and to be able to afterwards read the full request if necessary. So I don't need to search it between the hundreds of messages that come during a day. As bandwiths doesn't matter today, the increased size shouldn't be a problem. Concerning the format I would prefer not to have these messages with whole paragraphs in one line, but that's my opinion. Regards. Andreas On 12 Dec 2002 at 14:28, Zsolt Antal wrote: Hi, I'm lurking here about two weeks and I would have a few questions about the weird messages in this list: Is the following normal, accepted or simply `we must live with it'? - html post - top post (ie.: reply _above_ the quoted message) - big sigblocks (over 4-5 lines) - original post/question as a reply to a message in an absolutelly unrelated thread Or there is no chance to explain this to the users of this list why all of the above is bad habit/technique? (I'm not wondering when I look at the headers from the weird posts, especially at the `X-Mailer' field.) Sorry for my english! -zsolt -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Weird messages
Personally, I have privately e-mailed someone on this list who is notorious for putting a small note at the bottom of an excessively long message thread, but so far to no avail. I may just add a filter to my mail client to discard his messages, since I'm running out of interest in scrolling them. --- Noel -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Weird messages
Zsolt Antal wrote: Hi, Is the following normal, accepted or simply `we must live with it'? - html post This is debatable. There is no fixed standard on what a HTML message is. A HTML document embedded into the body of the real message as a MIME chunk is so far the closest description I've seen. On the other hand, most users have or can get their hands on a mail client that swallows HTML messages - which is not an excuse, but HTML folks are using as a leverage for their cause. As you can see, I'm sending in plain TEXT. - top post (ie.: reply _above_ the quoted message) Top post as a reply to the lower quoted section is a stupidity, agreed. But if you want to make a preamble to your reply, then it can be used. - big sigblocks (over 4-5 lines) Only if they are funny. And I'd suggest users stick to this formula: sigBlock.NumberOfLines()*sigBlocak.HumorLevel() == SignatureBlock.FIXED_CONSTANT - original post/question as a reply to a message in an absolutelly unrelated thread Utter stupidity. I don't know how they manage to do it. Reply, erase quoted text and write their message? Or there is no chance to explain this to the users of this list why all of the above is bad habit/technique? How? You'd need a moderator to police this list and evaluate every mail. For each bad mail, they would have to send a direct reply to the users and withstand a, usually, long reply-forth-and-back conversation with them, plus be a toll free support in teaching them how to use their clients. People on this list who are answering requests already have their hands full. (I'm not wondering when I look at the headers from the weird posts, especially at the `X-Mailer' field.) :-) Sorry for my english! So far, so good. Nixie. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Weird messages
Just a sidenote regarding sigblocks I appreciate that the nasty great wadge of text at the end of this email is not attractive, useful nor even humorous, however I at least am obliged to append the nasty great huge legal disclaimers at the end of any/every email I send from a work context. Could be a sign of the litigious world we're building ;-) However I will endeavour to shift it to the bottom of all text in the email so at least it isn't obstructing the basic information. Cheers -- Tref Gare Development Consultant Areeba Level 19/114 William St, Melbourne VIC 3000 email: [EMAIL PROTECTED] phone: +61 3 9642 5553 fax: +61 3 9642 1335 website: http://www.areeba.com.au -- This email is intended only for the use of the individual or entity named above and contains information that is confidential. No confidentiality is waived or lost by any mis-transmission. If you received this correspondence in error, please notify the sender and immediately delete it from your system. You must not disclose, copy or rely on any part of this correspondence if you are not the intended recipient. Any communication directed to clients via this message is subject to our Agreement and relevant Project Schedule. Any information that is transmitted via email which may offend may have been sent without knowledge or the consent of Areeba. -- -Original Message- From: Nikola Milutinovic [mailto:[EMAIL PROTECTED]] Sent: Friday, 13 December 2002 5:17 PM To: Tomcat Users List Subject: Re: Weird messages Zsolt Antal wrote: Hi, Is the following normal, accepted or simply `we must live with it'? - html post This is debatable. There is no fixed standard on what a HTML message is. A HTML document embedded into the body of the real message as a MIME chunk is so far the closest description I've seen. On the other hand, most users have or can get their hands on a mail client that swallows HTML messages - which is not an excuse, but HTML folks are using as a leverage for their cause. As you can see, I'm sending in plain TEXT. - top post (ie.: reply _above_ the quoted message) Top post as a reply to the lower quoted section is a stupidity, agreed. But if you want to make a preamble to your reply, then it can be used. - big sigblocks (over 4-5 lines) Only if they are funny. And I'd suggest users stick to this formula: sigBlock.NumberOfLines()*sigBlocak.HumorLevel() == SignatureBlock.FIXED_CONSTANT - original post/question as a reply to a message in an absolutelly unrelated thread Utter stupidity. I don't know how they manage to do it. Reply, erase quoted text and write their message? Or there is no chance to explain this to the users of this list why all of the above is bad habit/technique? How? You'd need a moderator to police this list and evaluate every mail. For each bad mail, they would have to send a direct reply to the users and withstand a, usually, long reply-forth-and-back conversation with them, plus be a toll free support in teaching them how to use their clients. People on this list who are answering requests already have their hands full. (I'm not wondering when I look at the headers from the weird posts, especially at the `X-Mailer' field.) :-) Sorry for my english! So far, so good. Nixie. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Weird messages
I think that HTML mails are a bad habbit. (But I think they are not allowed in this list anyway, AFAIK HTML mails are blocked by the list server, at least there was some discussion to do this several month ago, and I haven't recognized a HTML mail in this listz since then) I accept reply below, above or inline as a matter of taste. Personally I prefer reply above, but use sometimes inlined replies. I think that the original post should be stripped to the minimum that is needed to understand the answer. I very much dislike posts that contain complete threads of previous mails. I can accept big sigblocks. Many of us are using company accounts and have to obey company rules. I can't accept querys as answers to unrelated threads. In this list are few users that do that, but some of them are resistant to any remarks on that topic. Ralph Einfeldt Uptime Internet Solution Center GmbH, Hamburg, Germany Hosting, Content Management, Java Consulting http://www.uptime-isc.de -Original Message- From: Zsolt Antal [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 2:29 PM To: [EMAIL PROTECTED] Subject: Weird messages Is the following normal, accepted or simply `we must live with it'? - html post - top post (ie.: reply _above_ the quoted message) - big sigblocks (over 4-5 lines) - original post/question as a reply to a message in an absolutelly unrelated thread -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
weird messages
Tim-- ([EMAIL PROTECTED]) I hope that WebDav doesn't mind if we learn something from you. If some of us is on the wrong track - please correct and point to the right direction. Thanks in advance for your constructive input.