Apache(Perl?) error

r_mehmed has asked for the wisdom of the Perl Monks concerning the following question:

Dear monks, Does anyone know what these errors mean?

[Fri Jan 31 14:56:47 2003] [error] [client 172.181.45.176] File does n
+ot exist: C:/Apache2/htdocs/scripts
[Fri Jan 31 14:56:52 2003] [error] [client 172.181.45.176] File does n
+ot exist: C:/Apache2/htdocs/MSADC
[Fri Jan 31 14:56:58 2003] [error] [client 172.181.45.176] File does n
+ot exist: C:/Apache2/htdocs/c
[Fri Jan 31 14:57:03 2003] [error] [client 172.181.45.176] File does n
+ot exist: C:/Apache2/htdocs/d
[Fri Jan 31 14:57:08 2003] [error] [client 172.181.45.176] File does n
+ot exist: C:/Apache2/htdocs/scripts
[Fri Jan 31 14:57:13 2003] [error] [client 172.181.45.176] File does n
+ot exist: C:/Apache2/htdocs/_vti_bin
[Fri Jan 31 14:57:19 2003] [error] [client 172.181.45.176] File does n
+ot exist: C:/Apache2/htdocs/_mem_bin
[Fri Jan 31 14:57:27 2003] [error] [client 172.181.45.176] File does n
+ot exist: C:/Apache2/htdocs/msadc
[Fri Jan 31 14:57:32 2003] [error] [client 172.181.45.176] File does n
+ot exist: C:/Apache2/htdocs/scripts
[Fri Jan 31 14:57:42 2003] [error] [client 172.181.45.176] File does n
+ot exist: C:/Apache2/htdocs/scripts
[Fri Jan 31 14:57:48 2003] [error] [client 172.181.45.176] File does n
+ot exist: C:/Apache2/htdocs/scripts
[Fri Jan 31 14:58:03 2003] [error] [client 172.181.45.176] File does n
+ot exist: C:/Apache2/htdocs/scripts
[download]

First thing off, is that I never request these files. As I was browsing my error log I found that this occurs every now and then. Not that I do something strange in my Perl scripts.I also checked Apache's access.log,and the IP address that requests them is different then mine. I wander if this has anything to do with Perl's -w???
The worriying thing is that in access.log i have a line that reads 172.181.45.176 - - [31/Jan/2003:14:58:03 +0000] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298,which is I guess the Command Prompt!!! Could my computer be used as a spam generator??????
thanks
r_mehmed
novice

Comment on Apache(Perl?) error Select or Download Code

Replies are listed 'Best First'.
Re: Apache(Perl?) error by dempa (Friar) on Jan 31, 2003 at 15:36 UTC
These are traces of someone probing for open security holes (Nimda etc) in IIS. You should be safe with Apache. -- dempa	[reply]
Re: Apache(Perl?) error by Heidegger (Hermit) on Jan 31, 2003 at 15:33 UTC
I've also noticed this message in my logs. Looks as if someone's looking for a root.exe, cmd.exe files. I put a password on my Apache with .htaccess and it stopped ;-)	[reply]
Re: Apache(Perl?) error by moxliukas (Curate) on Jan 31, 2003 at 15:44 UTC
No, this is very probably worm activity. Nothing serious unless you run Windows IIS ;) It has nothing to do with Perl. I get tons of these every day on my servers. Nothing to worry about especially when the servers run Linux ;)	[reply]
Re: Apache(Perl?) error by hardburn (Abbot) on Jan 31, 2003 at 18:43 UTC
What we need here is a Perl script that scans for Nimbda requests and automatically retaliates with a full nuclear strike. (Who would have though that atomic fusion can be done in a one-liner?)	[reply]
Re: Apache(Perl?) error by Anonymous Monk on Jan 31, 2003 at 15:49 UTC
http://www.der-keiler.de/Mailing-Lists/Securiteam/2002-02/0104.html Home > Mailing-Lists > Securiteam > 2002-02 Newsgroups Recommendat +ions Privacy [NT] Phusion Webserver File Viewing, DoS and Arbitr +ary Code Execution Vulnerabilities From: support@securiteam.com Date: 02/17/02 Previous message: support@securiteam.com: "[UNIX] MPG123 Local Buffer +Overflow Vulnerability (Command Line)" Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attac +hment ] ---------------------------------------------------------------------- +---------- From: support@securiteam.com To: list@securiteam.com Date: Sun, 17 Feb 2002 10:51:46 +0100 (CET) The following security advisory is sent to the securiteam mailing list +, and can be found at the SecuriTeam web site: http://www.securiteam. +com - - promotion When was the last time you checked your server's security? How about a monthly report? http://www.AutomatedScanning.com - Know that you're safe. - - - - - - - - - Phusion Webserver File Viewing, DoS and Arbitrary Code Execution Vulnerabilities ---------------------------------------------------------------------- +-- SUMMARY <http://www.bbshareware.com/> Phusion Webserver Server is an Webserve +r for Windows 9x/NT/2000. Multiple security vulnerabilities have been fo +und in the product that allow remote attackers to launch a denial-of-servi +ce, retrieve files that reside outside the normal HTTP bounding directory, + overflow an internal buffer causing it to execute arbitrary code, and execute arbitrary commands (via a directory traversal bug). DETAILS [download] Read more... (18 kB)	[reply] [d/l] [select]


more useful options
	PerlMonks