Hi!
I seem to be getting a kind of web exploit in my server. I have noticed
this in error_log since two days ago (I'll paste just a little bit of the
file, of course):
[Mon Aug 6 02:24:36 2001] [error] [client 80.62.247.43] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:27:00 2001] [error] [client 61.132.122.178] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:29:18 2001] [error] [client 212.179.7.144] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:32:00 2001] [error] [client 61.186.37.69] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:35:04 2001] [error] [client 211.204.198.7] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:37:41 2001] [error] [client 212.39.99.79] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:38:20 2001] [error] [client 61.153.107.156] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:39:31 2001] [error] [client 211.219.53.27] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:40:43 2001] [error] [client 203.155.6.100] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:41:05 2001] [error] [client 211.11.212.51] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:42:10 2001] [error] [client 24.162.173.88] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:42:25 2001] [error] [client 208.139.195.136] File does
not exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:42:43 2001] [error] [client 210.9.199.168] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:42:53 2001] [error] [client 211.218.53.118] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:43:47 2001] [error] [client 203.143.15.78] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:44:21 2001] [error] [client 192.115.98.123] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:45:09 2001] [error] [client 202.108.122.97] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:45:48 2001] [error] [client 61.163.60.13] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:46:16 2001] [error] [client 217.83.102.57] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:46:30 2001] [error] [client 202.56.206.240] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:46:34 2001] [error] [client 211.23.90.162] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:46:45 2001] [error] [client 202.105.235.215] File does
not exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:46:58 2001] [error] [client 213.56.172.209] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:48:27 2001] [error] [client 217.128.32.8] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:50:07 2001] [error] [client 61.152.197.45] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:50:37 2001] [error] [client 210.65.142.142] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:54:04 2001] [error] [client 211.72.151.234] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:57:16 2001] [error] [client 192.100.178.91] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:58:18 2001] [error] [client 213.56.172.209] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 03:04:00 2001] [error] [client 211.112.211.129] File does
not exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 03:05:09 2001] [error] [client 24.251.140.60] File does not
exist: /home/pages/mgdhost/default.ida
Also, I noticed something like:
[Sun Aug 5 16:50:05 2001] [error] [client 61.168.52.212] Invalid URI in
request
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0
From one of the attackers' IPs, as well.
I believe that it is an IIS-oriented attack, so nothing will happen
to my server, because I am running Apache, but I would like to
know your opinions about this, and what I could do.
Of course, I can't block port 80 (I have webpages), and I think that
going to my firewall and denying every single IP that is attacking me could
be a bad idea, since there are a lot of different IPs (hacked systems, I
guess).
What do you recommend I do? Just ignore it, and go on with my life? :).
Thanks for your comments.
Alex.
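
One way to size up the probes described in the message above, as an added example that is not part of the original post: the Python below re-joins the mail-wrapped error_log entries, counts default.ida requests per client, and flags "Invalid URI" entries that carry a long filler run followed by %u-encoded sequences. The sample log is constructed (documentation-range addresses); the function names and the 32-character filler threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the wrapped layout shown in the post. Client addresses
# are documentation-range placeholders, not addresses from the original log.
SAMPLE = f"""\
[Mon Aug 6 02:24:36 2001] [error] [client 192.0.2.10] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:27:00 2001] [error] [client 198.51.100.7] File does
not exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:30:00 2001] [error] [client 192.0.2.10] File does not
exist: /home/pages/mgdhost/default.ida
[Mon Aug 6 02:31:00 2001] [error] [client 203.0.113.5] File does not
exist: /home/pages/mgdhost/missing.html
[Sun Aug 5 16:50:05 2001] [error] [client 198.51.100.7] Invalid URI in
request
{'X' * 40}%u9090%u6858%ucbd3%u7801=a
HTTP/1.0
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] (?P<msg>.*)$")
IDA = re.compile(r"File does not exist: \S*/default\.ida$")
# One filler character repeated 32+ times, then two or more %uXXXX sequences.
OVERLONG = re.compile(r"Invalid URI in request .*?(.)\1{31,}(?:%u[0-9A-Fa-f]{4}){2,}")


def entries(text):
    """Re-join wrapped lines: a new entry starts at a line opening with '['."""
    for chunk in re.split(r"\n(?=\[)", text.strip()):
        yield " ".join(chunk.split())


def summarize(text):
    """Count default.ida probes per client; collect clients sending overlong URIs."""
    probes, overlong = Counter(), set()
    for m in filter(None, map(ENTRY.match, entries(text))):
        if IDA.search(m["msg"]):
            probes[m["ip"]] += 1
        elif OVERLONG.search(m["msg"]):
            overlong.add(m["ip"])
    return probes, overlong


if __name__ == "__main__":
    probes, overlong = summarize(SAMPLE)
    print(f"{sum(probes.values())} default.ida probes from {len(probes)} clients")
    print("overlong URI from:", sorted(overlong))
```
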