PHWinfo - Afficher un message

18/02/2005, 23h41

Jim Hayter wrote:
> On Fri, 18 Feb 2005 11:15:48 -0700, in
> comp.infosystems.www.servers.unix, Saurabh Barve
> <barve@cs.colostate.edu> wrote:
>
>
>>Hi,
>>
>>I am new on the this group, and am not entirely sure if this message is
>>relevant here. I am hoping that someone will either give me a solution
>>or tell me to not post messages of this kind here! Any response would be
>>welcome !!
>>
>>I just the following in my Apache logs:
>>
>>--------------------- httpd Begin ------------------------
>>
>>A total of 3 unidentified 'other' records logged
>> HEAD /DFind.apache HTTP/1.0 with response code(s) 404
>
>
> Someone looking for the page /DFind.apache - your server returned "not
> found" (404)
>
>
>> CONNECT 1.3.3.7:1337 HTTP/1.0 with response code(s) 405 405
>
>
> Someone trying to connect to another site through your server - your
> server returned "method not allowed"
>
>
>> SEARCH
>
> <snip very very very long string>
>
>>with response code(s) 414 414 414 414 414
>
>
> Someone trying to do whatever SEARCH does - your server returned
> "Request-URI too long"
>
>
>> ---------------------- httpd End -------------------------
>>
>>I'm worried that this is some sort of an attack on my web server. I am
>>running Apache 2.0.51 on Fedora Core 2 (2.6.10-1.14_FC2smp #1 SMP).
>>
>
> One or more persons/script kiddies/bots/etc looked for holes in your
> server to allow various things. Your server refused to do them. I'm
> not sure I see a problem. If you are going to run a web server on the
> internet, you best get used to this. My logs are full of this crap
> all the time. If some IPs generate an excessive amount of these
> entries, deny therm access to your server.
>
> Jim
Thanks Jim.

I looked around the logs again. Related to these entries are addresses
from Google and MSN. I suspect that their search bots are trying to
search through my cgi-bin scripts. I'll put in a robots.txt to deny
them. Hopefully, that'll work.

Thanks again,
Saurabh.

18/02/2005, 23h41	#3
Saurabh Barve Messages: n/a Hébergeur:	Re: Apache logs Jim Hayter wrote: > On Fri, 18 Feb 2005 11:15:48 -0700, in > comp.infosystems.www.servers.unix, Saurabh Barve > <barve@cs.colostate.edu> wrote: > > >>Hi, >> >>I am new on the this group, and am not entirely sure if this message is >>relevant here. I am hoping that someone will either give me a solution >>or tell me to not post messages of this kind here! Any response would be >>welcome !! >> >>I just the following in my Apache logs: >> >>--------------------- httpd Begin ------------------------ >> >>A total of 3 unidentified 'other' records logged >> HEAD /DFind.apache HTTP/1.0 with response code(s) 404 > > > Someone looking for the page /DFind.apache - your server returned "not > found" (404) > > >> CONNECT 1.3.3.7:1337 HTTP/1.0 with response code(s) 405 405 > > > Someone trying to connect to another site through your server - your > server returned "method not allowed" > > >> SEARCH > > <snip very very very long string> > >>with response code(s) 414 414 414 414 414 > > > Someone trying to do whatever SEARCH does - your server returned > "Request-URI too long" > > >> ---------------------- httpd End ------------------------- >> >>I'm worried that this is some sort of an attack on my web server. I am >>running Apache 2.0.51 on Fedora Core 2 (2.6.10-1.14_FC2smp #1 SMP). >> > > One or more persons/script kiddies/bots/etc looked for holes in your > server to allow various things. Your server refused to do them. I'm > not sure I see a problem. If you are going to run a web server on the > internet, you best get used to this. My logs are full of this crap > all the time. If some IPs generate an excessive amount of these > entries, deny therm access to your server. > > Jim Thanks Jim. I looked around the logs again. Related to these entries are addresses from Google and MSN. I suspect that their search bots are trying to search through my cgi-bin scripts. I'll put in a robots.txt to deny them. Hopefully, that'll work. Thanks again, Saurabh.