RES: [FUGSPBR] Apache 1.3.27

Mauricio Goto freebsd-brasil em sys.adm.br
Qua Fev 5 01:56:51 BRST 2003 

isso eh um lixo, faca um filtro usando Rewriting

SetEnvIf Remote_Addr "127\.0\.0\.1" babacas
SetEnvIf Request_URI "^robots\.txt$" babacas
SetEnvIf Request_URI "^cmd\.exe$" babacas
SetEnvIf Request_URI "^root\.exe$" babacas
CustomLog /usr/local/apache/logs/access_log seupadrao env=!babacas

so deixa esses tipos de erros para error_log. 

[]x


> hahahahah tentativa  de  ataque  a um servidor  IIS  do  windows 2000   
> que  coisa  medonha   unicode  ja  foi  muito  explarado  ahahahhahaha
> 
> Luciano Brandão Cruz - 4COM wrote:
> 
> > ataque
> >
> >
> > -----Mensagem original-----
> > De: Marcelo Aragão [mailto:marcelo.aragao em infomti.com.br]
> > Enviada em: terça-feira, 4 de fevereiro de 2003 10:45
> > Para: fugspbr em fugspbr.org
> > Assunto: [FUGSPBR] Apache 1.3.27
> >
> >
> > alguém sabe o q mensagem é essa?
> >
> > Feb  4 11:42:10 server /kernel: pid 24393 (httpd), uid 65534: exited on
> > signal 10
> >
> > e no err_log
> >
> > [Tue Feb  4 09:30:25 2003] [error] [client 200.47.33.73] File does not
> > exist: /usr/local/apache/htdocs/c/winnt/system32/cmd.exe
> > [Tue Feb  4 09:30:28 2003] [error] [client 200.47.33.73] File does not
> > exist: /usr/local/apache/htdocs/d/winnt/system32/cmd.exe
> > [Tue Feb  4 09:30:32 2003] [error] [client 200.47.33.73] File does not
> > exist: /usr/local/apache/htdocs/scripts/..%5c../winnt/system32/cmd.exe
> > [Tue Feb  4 09:30:37 2003] [error] [client 200.47.33.73] File does not
> > exist:
> > /usr/local/apache/htdocs/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd 
> >
> > .exe
> > [Tue Feb  4 09:30:43 2003] [error] [client 200.47.33.73] File does not
> > exist:
> > /usr/local/apache/htdocs/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd 
> >
> > .exe
> > [Tue Feb  4 09:30:46 2003] [error] [client 200.47.33.73] File does not
> > exist:
> > /usr/local/apache/htdocs/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt 
> >
> > /system32/cmd.exe
> > [Tue Feb  4 09:30:50 2003] [error] [client 200.47.33.73] File does not
> > exist: /usr/local/apache/htdocs/scripts/..Á../winnt/system32/cmd.exe
> > [Tue Feb  4 09:31:01 2003] [error] [client 200.47.33.73] File does not
> > exist: /usr/local/apache/htdocs/scripts/..À¯../winnt/system32/cmd.exe
> > [Tue Feb  4 09:31:08 2003] [error] [client 200.47.33.73] File does not
> > exist: /usr/local/apache/htdocs/scripts/..Á../winnt/system32/cmd.exe
> > [Tue Feb  4 09:31:26 2003] [error] [client 200.47.33.73] File does not
> > exist: /usr/local/apache/htdocs/scripts/..%5c../winnt/system32/cmd.exe
> > [Tue Feb  4 09:31:33 2003] [error] [client 200.47.33.73] File does not
> > exist: /usr/local/apache/htdocs/scripts/..%2f../winnt/system32/cmd.exe
> > [Tue Feb  4 10:55:12 2003] [error] [client 66.77.73.146] File does not
> > exist: /usr/local/apache/htdocs/robots.txt
> >
> > a maq tá com o FreeBSD 4.7 Stable e apache 1.3.27 com php 4.3
> >
> > será q é algum tipo de ataque? virus?
> >
> >
> > []´s
> > Marcelo Aragão
> >
> > _______________________________________________________________
> > Sair da Lista: http://www2.fugspbr.org/mailman/listinfo/fugspbr
> > Historico: http://www4.fugspbr.org/lista/html/FUG-BR/
> >
> >
> > AVISO LEGAL
> > Esta mensagem eh exclusivamente para a pessoa do destinatario, podendo 
> > conter infomacoes confidencias ou legalmente protegidas. A transmissao 
> > incorreta da mensagem nao acarreta a perda de sua confidencialidade. 
> > Caso esta mensagem tenha sido recebida por engano, solicitamos que 
> > seja devolvida ao rementente e apagada de seu sistema imediatamente. 
> > Eh vedado a qualquer pessoa que nao seja destinatario usar, revelar, 
> > distribuir ou copiar qualquer parte desta mensagem.
> >
> > DISCLAIMER
> > This message is destined exclusively to the intendend receiver. It may 
> > contain confidential or legally protected information. The incorrect 
> > transmission of this message does not mean the loss of its 
> > confidentiality. If this message is receiveid by mistake, please send 
> > it back to the sender and delete it from your system immediately. It 
> > is forbidden to any person who is not intendend receiver to use, 
> > reveal, distribute, or copy any part if this message.
> >
> >
> 
> 
> _______________________________________________________________
> Sair da Lista: http://www2.fugspbr.org/mailman/listinfo/fugspbr
> Historico: http://www4.fugspbr.org/lista/html/FUG-BR/
> 
_______________________________________________________________
Sair da Lista: http://www2.fugspbr.org/mailman/listinfo/fugspbr
Historico: http://www4.fugspbr.org/lista/html/FUG-BR/

Mais detalhes sobre a lista de discussão freebsd