Ron Brown_2
Frequent Advisor

Error in Apache Log File?

I found the following entry when I examined access_log on our web server:

65.73.180.156 - - [16/Jun/2003:13:36:07 -0500] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 276 "-" "-"

Some background: the site was hosted on a Linux box until recently and is now hosted under HP-UX 11.00. The log file was brought over from the Linux server. Apache 1.3.26 is installed on both machines.

Is this an error, file corruption, or something more sinister?
should work...
Evert Jan van Ramselaar
Valued Contributor
Solution

Re: Error in Apache Log File?

These messages are traces of a worm querying your webserver. See http://www.datarescue.com/fprot/virinfo/defaultida.htm for more info.

Nothing to worry about. These things have become very common.

EJ
Contrary to popular belief, Unix is userfriendly. It just happens to be selective about who it makes friends with.
Michael Kelly_5
Valued Contributor

Re: Error in Apache Log File?

Ron,
this is the 'signature' of the Code Red worm.
Last I heard, HPUX wasn't vulnerable!

Regards,
Michael.
The nice thing about computers is that they do exactly what you tell them. The problem with computers is that they do EXACTLY what you tell them.
Evert Jan van Ramselaar
Valued Contributor

Re: Error in Apache Log File?

True, only unpatched Microsoft IIS servers are vulnerable. It's just that the worm is searching for other unpatched IIS servers by trying the mentioned GET command.

EJ
Contrary to popular belief, Unix is userfriendly. It just happens to be selective about who it makes friends with.
Steven E. Protter
Exalted Contributor

Re: Error in Apache Log File?

I see that on my Linux servers all the time.

Nice to know now why it happens.

You should continue to see this on HP-UX even though you switched servers.

There should be a way to block these queries, but since they aren't dangerous, you can probably forget them.

If however I can associate an IP addy with this stuff, I'm going to forward it to the FBI, as should any good web hoster.

Someone is not playing nicely or has been hacked.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Ron Brown_2
Frequent Advisor

Re: Error in Apache Log File?

I have to apologize for the formatting of the original post.

It's good to know what that is and that HP-UX is not affected.

I will now spend some time analyzing the logs more carefully for any other possible issues. Thanks!
should work...
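
For readers who want to pick entries like the one in the original post out of an Apache access_log, here is an added example; it is not part of any post in this thread. The sample log lines are constructed (documentation IP addresses, shortened padding), and the thresholds and the names `classify` and `summarize` are assumptions made for the illustration.

```python
import re
from collections import Counter

# Apache common/combined format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S*)(?: [^"]*)?" (?P<status>\d{3}) \S+')
# Heuristics (assumed thresholds, tune for your own site)
PAD_RUN = re.compile(r'(.)\1{63,}')      # one character repeated 64+ times
UENC = re.compile(r'%u[0-9a-fA-F]{4}')   # %uXXXX sequences as seen in the post

def classify(line):
    """Return (host, status, reasons) for a probe-like request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None                      # unparseable lines are skipped here
    path, _, query = m['target'].partition('?')
    reasons = []
    if path.lower().endswith('.ida'):
        reasons.append('ida-request')
    if PAD_RUN.search(query):
        reasons.append('padding-run')
    if len(UENC.findall(query)) >= 4:
        reasons.append('percent-u-encoding')
    return (m['host'], int(m['status']), reasons) if reasons else None

def summarize(lines):
    """Count probe-like hits per source and list any that did not get a 4xx/5xx."""
    hits, served = Counter(), []
    for line in lines:
        result = classify(line)
        if result:
            host, status, _ = result
            hits[host] += 1
            if status < 400:             # the post shows 404; anything else needs a look
                served.append((host, status))
    return hits, served

# Constructed sample input, modelled on the entry in the original post.
PAD = 'X' * 224
SAMPLE = [
    '192.0.2.10 - - [16/Jun/2003:13:36:07 -0500] "GET /default.ida?' + PAD +
    '%u9090%u6858%ucbd3%u7801%u9090%u6858 HTTP/1.0" 404 276 "-" "-"',
    '192.0.2.10 - - [16/Jun/2003:14:02:11 -0500] "GET /default.ida?' + PAD +
    '%u9090%u6858%ucbd3%u7801 HTTP/1.0" 404 276 "-" "-"',
    '198.51.100.7 - - [16/Jun/2003:13:40:00 -0500] "GET /index.html HTTP/1.0" 200 1042 "-" "-"',
    '203.0.113.5 - - [16/Jun/2003:13:41:00 -0500] "GET /search?q=hpux HTTP/1.0" 200 512 "-" "-"',
]

if __name__ == '__main__':
    hits, served = summarize(SAMPLE)
    for host, count in hits.most_common():
        print(host, count)
    print('answered without an error status:', served)
```

To run it against a real log, pass an open file object for access_log to `summarize` in place of `SAMPLE`.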