hi. i've recently installed apache server and it has been running for over two weeks now. today i was going over the access log file and found 7 to 8 accesses that were very skeptical. the log starts like this:
24.86.67.103 - - [23/Oct/2004:19:44:18 -0700] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\....
is somebody trying to run illegal script on my computer while my server is running?
any information or advice will be very appreciated. thank you.
is somebody accessing my computer illegally?
kettle_drum
Yeah they are attempting to. Most machines on the internet get these requests at LEAST once a day trying to exploit IIS WebDAV. Run the url in your browser to see what happens and you can check the links below.
http://edgeos.com/threats/details.php?id=11413
http://www.microsoft.com/technet/securi ... 3-007.mspx
thank you
i just checked the links. thank you! i have the latest service pack from MS. but, in order to run the web server, i had to make a firewall exception for port 80. right now, i've completely shut down the server. if i have the latest SP, would it be ok to open port 80?
Probably one of the best network security tools is SNORT: http://www.snort.org/
Last edited by patrikG on Sun Oct 24, 2004 12:12 pm, edited 1 time in total.
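An added example, not part of any post in this thread: a small triage script that picks requests like the one quoted above out of an Apache access log by flagging unexpected HTTP methods and long runs of `\xhh`-escaped bytes in the request. The allowed-method list, the threshold of 16 escaped bytes, and the sample log lines (including their addresses and status codes) are assumptions constructed for the illustration.

```python
import re

# Apache common log format: host ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) ?(.*)')
STATUS_RE = re.compile(r'" (\d{3}) \S+')
# Assumption: methods this site legitimately serves; anything else gets flagged.
EXPECTED_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}
# Apache logs non-printable request bytes as literal \xhh escapes.
ESCAPED_BYTE = re.compile(r'\\x[0-9a-fA-F]{2}')

def classify(line, min_escaped=16):
    """Return (ip, method, status, reasons) for a suspicious line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, _when, method, rest = m.groups()
    status_m = STATUS_RE.search(line)
    status = status_m.group(1) if status_m else None  # None if line is truncated
    reasons = []
    if method not in EXPECTED_METHODS:
        reasons.append("unexpected method")
    escaped = len(ESCAPED_BYTE.findall(rest))
    if escaped >= min_escaped:
        reasons.append(f"{escaped} escaped binary bytes in request")
    return (ip, method, status, reasons) if reasons else None

def scan(lines):
    """Classify every line and keep only the flagged ones."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation addresses, invented status codes).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Oct/2004:19:40:02 -0700] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.7 - - [23/Oct/2004:19:44:18 -0700] "SEARCH /\\x90' + '\\x02\\xb1' * 40 + '" 414 334',
    '192.0.2.10 - - [23/Oct/2004:19:45:11 -0700] "POST /form.php HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, method, status, reasons in scan(SAMPLE_LOG):
        print(f"{ip} {method} status={status}: {'; '.join(reasons)}")
```

The status column shows how the server answered each flagged request, which is the first thing to check when deciding whether a probe was simply rejected.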