Hello,

There are several Windows NT viruses trying to get into web servers (search for "Nimda Worm" in Google, for example, to get more information).
What I'm doing to avoid the error log on my systems is to bounce these requests to a script using mod_rewrite. In httpd.conf, I add this:

####### Worm Catch #######
RewriteEngine on
# Nimda Worm!
# Match any request path containing .exe, .dll or .ida.
# Alternation needs a group (...); [exe|dll|ida] would be a character class
# matching a dot followed by any single one of those letters.
RewriteRule ^/(.*)\.(exe|dll|ida) /myPath/WormCatch/Nimda-Worm.pl [T=application/x-httpd-cgi,L]
<Directory "/vhome/WormCatch">
    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>
###### / Worm Catch ######

The script is very simple: it just sends an output line and increases the value of a counter.

Regards,
Tomás

> hi guys,
>
> I found the lines shown below in apache log messages and I got a feeling i m
> hacked.
>
> Sat Aug 17 15:36:51 2002] [error] [client 192.168.0.188] File does not exist: /usr/local/argon/doc/_vti_bin/shtml.exe/_vti_rpc
> [Sat Aug 17 15:38:58 2002] [error] [client 192.168.0.188] File does not exist: /usr/local/argon/doc/_vti_inf.html
> [Sat Aug 17 15:38:59 2002] [error] [client 192.168.0.188] File does not exist: /usr/local/argon/doc/_vti_bin/shtml.exe/_vti_rpc
> [Sat Aug 17 16:27:54 2002] [error] [client 192.168.0.188] File does not exist: /usr/local/argon/doc/_vti_inf.html
> [Sat Aug 17 16:27:54 2002] [error] [client 192.168.0.188] File does not exist: /usr/local/argon/doc/_vti_bin/shtml.exe/_vti_rpc
>
> Can u pls confirm me about the same and help me out to block it.
> Note: I did not find any logs in /var/log/secure and /var/log/messages from Aug
> 13 to Aug 17 as well.
>
> Thanks & Warm Regards
> =======================
> Ashwin Khandare
> Engineer
> Western Outdoor Interactive

+-- --+
Tomás García Ferrari
Bigital
http://bigital.com/
+-- --+
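
The rewrite rule above is meant to catch requests for .exe, .dll and .ida files. As an added example (not part of the original messages), this Python sketch runs the bracket form and the group form of that pattern over request paths recovered from the quoted error log and over a few constructed legitimate paths, to show which requests each form would divert. The document root and the legitimate paths are assumptions.

```python
import re
from collections import Counter

# Bracket form: a dot followed by ONE character out of e, x, d, l, i, a or '|'.
CHAR_CLASS = re.compile(r"^/(.*)\.[exe|dll|ida]")
# Group form: a dot followed by the literal extension exe, dll or ida.
ALTERNATION = re.compile(r"^/(.*)\.(exe|dll|ida)")

# Error-log lines copied from the quoted message.
LOG = """\
[Sat Aug 17 15:38:58 2002] [error] [client 192.168.0.188] File does not exist: /usr/local/argon/doc/_vti_inf.html
[Sat Aug 17 15:38:59 2002] [error] [client 192.168.0.188] File does not exist: /usr/local/argon/doc/_vti_bin/shtml.exe/_vti_rpc
[Sat Aug 17 16:27:54 2002] [error] [client 192.168.0.188] File does not exist: /usr/local/argon/doc/_vti_bin/shtml.exe/_vti_rpc
"""
DOCROOT = "/usr/local/argon/doc"  # assumption: inferred from the logged paths
ENTRY = re.compile(r"\[client ([^\]]+)\] File does not exist: (\S+)")

# Constructed sample of ordinary content a site might serve.
LEGIT = ["/index.html", "/report.doc", "/feed.xml", "/img/logo.png"]

def request_paths(log, docroot=DOCROOT):
    """Return (client, URL path) for each 'File does not exist' entry."""
    out = []
    for client, fs_path in ENTRY.findall(log):
        if fs_path.startswith(docroot):
            out.append((client, fs_path[len(docroot):]))
    return out

def caught(pattern, paths):
    """Paths the rule would divert; the pattern is searched, not full-matched."""
    return [p for p in paths if pattern.search(p)]

def probes_per_client(log, pattern=ALTERNATION):
    """Count logged requests per client that the rule would have diverted."""
    return Counter(c for c, p in request_paths(log) if pattern.search(p))

if __name__ == "__main__":
    print("bracket form diverts legit:", caught(CHAR_CLASS, LEGIT))
    print("group form diverts legit:  ", caught(ALTERNATION, LEGIT))
    print("probes per client:         ", dict(probes_per_client(LOG)))
```

Neither form diverts the `_vti_inf.html` request, so that entry would still reach the error log.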