14 Aug
2002
14 Aug
'02
10:02
security@meteognosis.gr wrote:
I run Apache/1.3.23 in Suse 8.0 box and i had these logs in my access log file I would appreciate it if somebody helped me
xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:38 +0300] "HEAD /cgi-bin/mailnews.cgi HTTP/1.0" 404 0 "-" "-"
This is a line in the combined log format. The fields are: IP "remote logname" "Username from auth" "timestamp" "Request line" status-code "bytes sent" "Referrer" "User-Agent" If the status-code doesn't begin with 2 you're out of trouble. Most requests from your mail are status 404 which means "not found".
I wonder if this is a new worm or just an attack in my linux box
I would say it's a test for vulnerable cgi-scripts. Peter