Mailinglist Archive: opensuse-security (409 mails)

Re: [suse-security] Apache attack or a new worm
  • From: Peter Wiersig <wiersig-ml@xxxxxxxxxxxxx>
  • Date: Wed, 14 Aug 2002 10:02:44 +0200
  • Message-id: <20020814100244.C24521@xxxxxxxxxxxxx>
security@xxxxxxxxxxxxxx wrote:
>
> I run Apache/1.3.23 on a SuSE 8.0 box and I had these logs in my access log file.
> I would appreciate it if somebody helped me.
>
> xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:38 +0300] "HEAD /cgi-bin/mailnews.cgi HTTP/1.0" 404 0 "-" "-"

This is a line in the combined log format. The fields are:
IP "remote logname" "Username from auth" "timestamp" "Request line"
status-code "bytes sent" "Referrer" "User-Agent"

If the status-code doesn't begin with 2 you're out of trouble. Most
requests from your mail are status 404 which means "not found".

> I wonder if this is a new worm or just an attack on my Linux box.

I would say it's a test for vulnerable cgi-scripts.

Peter
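
Added example, not part of the original mail: a Python sketch that parses the combined log format fields listed in the reply and reports, per client, the distinct /cgi-bin/ paths requested and which of them were answered with a 2xx status. The addresses, every script name except mailnews.cgi, and the `min_paths` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined log format: IP, remote logname, auth username, [timestamp],
# "request line", status code, bytes sent, "Referrer", "User-Agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) (?P<logname>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample log: documentation addresses and made-up script names;
# only the mailnews.cgi request line is taken from the mail above.
SAMPLE_LOG = """\
192.0.2.10 - - [13/Aug/2002:18:18:38 +0300] "HEAD /cgi-bin/mailnews.cgi HTTP/1.0" 404 0 "-" "-"
192.0.2.10 - - [13/Aug/2002:18:18:39 +0300] "HEAD /cgi-bin/constructed-a.cgi HTTP/1.0" 404 0 "-" "-"
192.0.2.10 - - [13/Aug/2002:18:18:40 +0300] "HEAD /cgi-bin/constructed-b.cgi HTTP/1.0" 404 0 "-" "-"
192.0.2.10 - - [13/Aug/2002:18:18:41 +0300] "HEAD /cgi-bin/constructed-c.cgi HTTP/1.0" 200 0 "-" "-"
198.51.100.7 - - [13/Aug/2002:18:20:02 +0300] "GET /cgi-bin/constructed-c.cgi HTTP/1.0" 200 512 "-" "ExampleBrowser/1.0"
this line is truncated and does not parse
"""

def parse_line(line):
    """Return the fields of one combined-format line as a dict, or None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    parts = rec["request"].split()
    # A request line is "METHOD path protocol"; tolerate malformed ones.
    rec["method"], rec["path"] = (parts[0], parts[1]) if len(parts) >= 2 else ("", "")
    rec["status"] = int(rec["status"])
    return rec

def summarize_probes(log_text, min_paths=3):
    """Clients that requested at least min_paths distinct /cgi-bin/ paths."""
    probed, served = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith("/cgi-bin/"):
            continue
        probed[rec["ip"]].add(rec["path"])
        if 200 <= rec["status"] < 300:  # request succeeded, so the path exists
            served[rec["ip"]].add(rec["path"])
    return {ip: {"probed": sorted(paths), "served": sorted(served[ip])}
            for ip, paths in probed.items() if len(paths) >= min_paths}

if __name__ == "__main__":
    for ip, info in summarize_probes(SAMPLE_LOG).items():
        print(ip, "probed", len(info["probed"]), "CGI paths; answered 2xx:", info["served"])
```

Any path listed under `served` names a script that actually exists on the server and is the one to review or remove.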
