speednow
asked on
Urgent: Posible Dictionary Attack Every 3 Sec, Logging not caching IP
Im trying to track some 404 errors that are popping up every 3 seconds on my cold fusion "webserver.log" file.
Someone or something is trying to pull this non-existant files. Example of this log file:
-------------------------- ---------- ---------- -----
"Error","TID=952","10/05/0 7","12:35: 55","HTTP/ 1.0 404 Object Not Found. The template specified, D:\www\domain.com\Suzuki_D ealership. cfm, does not exist on the specified server."
"Error","TID=652","10/05/0 7","12:37: 55","HTTP/ 1.0 404 Object Not Found. The template specified, D:\www\domain.com\Austin_M ini.cfm, does not exist on the specified server."
"Error","TID=612","10/05/0 7","12:40: 03","HTTP/ 1.0 404 Object Not Found. The template specified, D:\www\domain.com\Burlingt on_Car_Dea lers.cfm, does not exist on the specified server."
-------------------------- ---------- ---------- --------
Like mentioned before, multiple lines every 3 sec, for different files.
Problem is also that i am logging also to NT and i can't seem to log this errors in particular on the iis logs, but if i try to access a non existing cfm from the outside world, it will be logged. Strange.
I'm trying to pin point the source.
Cold Fusion is also not logging the ip or hostname. Can this also me accomplished?
Someone or something is trying to pull this non-existant files. Example of this log file:
--------------------------
"Error","TID=952","10/05/0
"Error","TID=652","10/05/0
"Error","TID=612","10/05/0
--------------------------
Like mentioned before, multiple lines every 3 sec, for different files.
Problem is also that i am logging also to NT and i can't seem to log this errors in particular on the iis logs, but if i try to access a non existing cfm from the outside world, it will be logged. Strange.
I'm trying to pin point the source.
Cold Fusion is also not logging the ip or hostname. Can this also me accomplished?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Still unknown what is causing this.
ASKER
Im still unable to log.