Apache hack attempts???
Mac Enthusiast
Join Date: Oct 2000
Location: Toronto
Hi all, I just noticed something when looking through my Apache logs. For the past month or so, there have been repeated attempts at accessing a page which does not exist on my webserver (default.ida). Every one of the IPs attempting to access the non-existent page is on the @home network (24.*.*.*). I don't believe there are any external links to my site, but I could be mistaken. Is there anything to worry about? Or is this just someone who has linked to my site incorrectly? Is there any way I could advise him/her of their mistake? There are pages and pages of this error, it's a bit annoying. I'm going to start rotating logs so that the size doesn't become an issue... If there is a problem, please advise.
Grizzled Veteran
Join Date: Sep 2000
Location: Springfield, MA
Originally posted by anothermacguy:
Hi all, I just noticed something when looking through my Apache logs. For the past month or so, there have been repeated attempts at accessing a page which does not exist on my webserver (default.ida). Every one of the IPs attempting to access the non-existent page is on the @home network (24.*.*.*). I don't believe there are any external links to my site, but I could be mistaken. Is there anything to worry about? Or is this just someone who has linked to my site incorrectly? Is there any way I could advise him/her of their mistake? There are pages and pages of this error, it's a bit annoying. I'm going to start rotating logs so that the size doesn't become an issue... If there is a problem, please advise.
Red Code worm ring a bell? Surely you've heard of it. The death of the internet and all. Anyway, it's nothing more than an annoyance unless you have any plans to switch to a Win2k/IIS server.
FYI, I've had 5116 hits from Red Code since Aug 4. A while back when I was bored at work I hacked together a Red Code counter for my home page.
We hope your rules and wisdom choke you / Now we are one in everlasting peace
-- Radiohead, Exit Music (for a film)
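
Added example (not written by any poster in this thread, and not the counter mentioned in the post above): one way to count the default.ida requests discussed here from an Apache access log, grouped by source address and by day. The log lines are constructed samples using documentation addresses with shortened padding, and the function and variable names are this example's own.

```python
import re
from collections import Counter

# Apache Common/Combined Log Format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation addresses, padding shortened).
SAMPLE_LOG = """\
192.0.2.10 - - [04/Aug/2001:10:01:02 -0400] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 276
192.0.2.10 - - [04/Aug/2001:11:15:40 -0400] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [05/Aug/2001:02:30:11 -0400] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 276
203.0.113.5 - - [05/Aug/2001:09:00:00 -0400] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [05/Aug/2001:09:05:00 -0400] "GET /Default.IDA HTTP/1.0" 404 276
this line is not a log entry
"""

def summarize_default_ida(lines):
    """Count requests for /default.ida and group them by source and day."""
    by_ip, by_day, by_padding = Counter(), Counter(), Counter()
    total = skipped = 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            skipped += 1          # malformed or truncated entry
            continue
        path, _, query = m["target"].partition("?")
        if path.lower() != "/default.ida":   # IIS paths are case-insensitive
            continue
        total += 1
        by_ip[m["ip"]] += 1
        by_day[m["day"]] += 1
        # Code Red requests carried a long run of 'N' padding, Code Red II a
        # run of 'X'; the first query character separates the two in a report.
        by_padding[query[:1] or "none"] += 1
    return {"total": total, "skipped": skipped, "by_ip": by_ip,
            "by_day": by_day, "by_padding": by_padding}

if __name__ == "__main__":
    report = summarize_default_ida(SAMPLE_LOG.splitlines())
    print("default.ida hits:", report["total"],
          "from", len(report["by_ip"]), "hosts")
    for ip, n in report["by_ip"].most_common(5):
        print(f"  {ip:15} {n}")
```

To run it against a real log, pass an open file object instead of the sample lines, since the function accepts any iterable of lines.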
Professional Poster
Join Date: Apr 2001
Location: Capital city of the Empire State.
Small correction: Not all 24.xxx.xxx.xxx addresses are @home. I'm using adelphia.net with a 24.xxx.xxx.xxx addy.
/mal
"I sentence you to be hanged by the neck until you cheer up."
MacBook Pro 15" w/ Mac OS 10.8.2, iPhone 4S & iPad 4th-gen. w/ iOS 6.1.2
Fresh-Faced Recruit
Join Date: Apr 2001
Originally posted by Mactoid:
Red Code worm ring a bell? Surely you've heard of it. The death of the internet and all. Anyway, it's nothing more than an annoyance unless you have any plans to switch to a Win2k/IIS server.
FYI, I've had 5116 hits from Red Code since Aug 4. A while back when I was bored at work I hacked together a Red Code counter for my home page.
I was looking at my OSX Apache logs today -- over 7,300 hits from Red Code. Using @home also. Plus I have dozens of other attempts for various Windoze .exe, directories, cgi's, etc., etc. No wonder my server slows down!!
G5 2.0; 15 " AlumPB 1.5
Miscl. other Macs
10.4.x
Mac Enthusiast
Join Date: Oct 2000
Location: Toronto
That's crazy. Thanks for the info.
Mac Enthusiast
Join Date: Apr 2001
Location: NYF'nC
Somebody wrote a PHP script that makes an attempt to shut down any server that tries to access default.ada; the script (& instructions) are here. The person who wrote it says it doesn't even work half the time, but what the heck? There is an interesting thread at macosx.com about Code Red & ways to monitor and/or pester the servers pestering you, but they aren't up right now, so I can't link to it.
Jim Rockford was beaten repeatedly for your entertainment.
Mac Enthusiast
Join Date: Apr 2001
Location: NYF'nC
Jim Rockford was beaten repeatedly for your entertainment.
Addicted to MacNN
Join Date: Feb 2001
Location: zurich, switzerland
Originally posted by putamare:
Somebody wrote a PHP script that makes an attempt to shut down any server that tries to access default.ada; the script (& instructions) are here. The person who wrote it says it doesn't even work half the time, but what the heck? There is an interesting thread at macosx.com about Code Red & ways to monitor and/or pester the servers pestering you, but they aren't up right now, so I can't link to it.
Be veeery careful with this script. This script could be construed as an attempt to hack a server in a court. Very nice all the same.
weird wabbit
Mac Enthusiast
Join Date: Apr 2001
Location: NYF'nC
Jim Rockford was beaten repeatedly for your entertainment.
Clinically Insane
Join Date: Nov 1999
That does sound like Code Red.
Luckily, since you're running Apache, you're immune. However, the bandwidth and log file clogging can be a pain, I know.
I'd suggest running the scripts other people have mentioned. Even if you're hauled into court, you could plead self-defense. Granted, I don't know if it would work (I doubt anyone has tried it before), but it's worth a shot.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
Professional Poster
Join Date: Dec 2000
Location: Staffs, UK
There is an interesting tutorial on how to write a Perl Apache module to do something with Code Red hits (in this case, email the admin) - available at O'Reilly