Date: 12 Jan 2004 13:33:18 -0500 From: Dan Pelleg <daniel+bsd@pelleg.org> To: Robert Watson <rwatson@freebsd.org> Cc: David Edwards <david@deassociates.com> Subject: Re: Need some help on security Message-ID: <u2sisjh2f0x.fsf@gs166.sp.cs.cmu.edu> In-Reply-To: <Pine.NEB.3.96L.1040110214520.2696D-100000@fledge.watson.org> References: <Pine.NEB.3.96L.1040110214520.2696D-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Watson <rwatson@freebsd.org> writes: > On Sat, 10 Jan 2004, David Edwards wrote: > > > Anyway, on to the question, lastnight, the server stopped responding > > after someone tried to gain access to what looks to be web based > > printing. I am not familiar with any firewall/IDS solutions and have > > looked over Snort and IPFW today. I don't want to do IPFW because I > > don't want to recompile a kernel that works and potentially lose > > everything I have done so far. Here is a bit of the apache error_log > > which shows the issue i am refering to: > > > > [Sat Jan 10 01:34:04 2004] [error] [client 211.233.89.189] File does not > > exist: /usr/home/dbcenter/public_html/NULL.printer > > [Sat Jan 10 01:34:04 2004] [error] [client 211.233.89.189] File does not > > exist: /usr/local/apache/htdocs/NULL.printer > > Well, these log entries are for attempted exploits of Microsoft's IIS, and > shouldn't be a problem. The error messages can safely be ignored. > Agreed. They can also be sent in a complaint to the appropriate admin. See the security/hunch port. -- Dan Pelleg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?u2sisjh2f0x.fsf>