lotsofquestions


Apache logs *weird* requests

Hi:
I have Apache and Tomcat running on Linux. Apart from the .ida and cmd.exe (Nimda, Code Red) requests, which all have status code 404, the server seems to be serving different sites being requested, like www.sun.com, which gets status code 200.

Has my server been hacked? What should I do about this?

Thanks for any help.
samri

Any chance of seeing the real logfile (you can change the IP/hostname)?
lotsofquestions

ASKER

Hi: I have pasted the relevant part of the log file. HTH.

213.61.192.65 - - [19/Feb/2003:22:57:03 -0500] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 367
202.180.172.55 - - [20/Feb/2003:07:05:34 -0500] "HEAD http://www.sun.com/ HTTP/1.0" 200 -
24.118.158.128 - - [20/Feb/2003:07:08:09 -0500] "OPTIONS / HTTP/1.1" 200 0
202.180.172.55 - - [20/Feb/2003:07:22:56 -0500] "GET http://bvcelhexms.virtualave.net/prxjdg/ HTTP/1.0" 404 339
61.153.25.82 - - [20/Feb/2003:09:51:33 -0500] "HEAD / HTTP/1.0" 200 -
136.142.149.30 - - [20/Feb/2003:09:57:16 -0500] "GET / HTTP/1.1" 304 0
ASKER CERTIFIED SOLUTION
pjedmond
If you want to be a little more aggressive about this individual, you could find the IP address for that host, and report them for 'hacking'. You may get them blocked or their account cancelled... on the other hand, ISPs are fairly lazy, so probably nothing will happen :(
Another thought...if you want to try this yourself, try telnetting to port 80 of your server, and checking the response after you type in:

HEAD http://www.sun.com/ HTTP/1.0


You will have to press <return> TWICE after entering it - see what you get - I suspect - disconnected... or something similar?
Thank you very much.
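
An added example, not part of the original thread or any poster's code: a small Python triage of the log lines from the question that separates the worm probes from the proxy-style requests (absolute URL for a host that is not yours) and lists the ones that warrant the telnet check described above. `LOCAL_HOSTS`, `classify` and `followups` are names assumed for this example, and `www.example.org` is a placeholder for the server's own hostname.

```python
import re
from urllib.parse import urlsplit

# Common Log Format. The protocol version is optional: the cmd.exe probe omits it.
CLF = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]+))?" '
    r'(?P<status>\d{3}) \S+'
)
WORM_MARKERS = ("cmd.exe", ".ida")   # the probe types named in the question
LOCAL_HOSTS = {"www.example.org"}    # assumption: hostnames this server really serves

def classify(line, local_hosts=LOCAL_HOSTS):
    """Return (label, needs_followup) for one access-log line."""
    m = CLF.match(line)
    if not m:
        return ("unparsed", True)
    target, status = m["target"], int(m["status"])
    if any(marker in target.lower() for marker in WORM_MARKERS):
        # Only an answer other than 404 would deserve a closer look.
        return ("worm-probe", status != 404)
    host = urlsplit(target).hostname if "://" in target else None
    if m["method"] == "CONNECT" or (host and host not in local_hosts):
        # Proxy-style request for a host that is not ours. The log does not show
        # whose content was returned, so a 2xx/3xx needs the manual check.
        return ("proxy-style", 200 <= status < 400)
    return ("normal", False)

def followups(lines):
    """Return (client_ip, request_target) for every line that needs a manual check."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if classify(line)[1]:
            hits.append((m["ip"], m["target"]) if m else (None, line))
    return hits

# Log lines copied from the question above.
SAMPLE = [
    '213.61.192.65 - - [19/Feb/2003:22:57:03 -0500] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 367',
    '202.180.172.55 - - [20/Feb/2003:07:05:34 -0500] "HEAD http://www.sun.com/ HTTP/1.0" 200 -',
    '24.118.158.128 - - [20/Feb/2003:07:08:09 -0500] "OPTIONS / HTTP/1.1" 200 0',
    '202.180.172.55 - - [20/Feb/2003:07:22:56 -0500] "GET http://bvcelhexms.virtualave.net/prxjdg/ HTTP/1.0" 404 339',
    '61.153.25.82 - - [20/Feb/2003:09:51:33 -0500] "HEAD / HTTP/1.0" 200 -',
    '136.142.149.30 - - [20/Feb/2003:09:57:16 -0500] "GET / HTTP/1.1" 304 0',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line), line.split('"')[1])
    print("check by hand:", followups(SAMPLE))
```

On the sample, only the `HEAD http://www.sun.com/` line is returned for follow-up; because it was a HEAD request the size column is `-`, so the log alone cannot show what was served.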