[thelist] code red making a mess of logs

Aaron Johnson lists at cephas.net
Thu Dec 19 10:33:01 CST 2002


Hi Aleem,

> well, this has been going on for a while and by now i've gotten sick of it,
> my log files are a mess with entries like the following:
>
> 24.102.16.10 - - [18/Dec/2002:10:11:09 +0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"
> 24.102.16.10 - - [18/Dec/2002:13:11:59 +0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276 "-" "-"
> 24.102.16.10 - - [18/Dec/2002:08:42:05 +0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274 "-" "-"
>
> and my error log:
> [Wed Dec 18 11:46:26 2002] [error] [client 24.102.16.10] File does not exist: e:/www/public/scripts/root.exe
> ...
>
> right now what I'm doing is parsing my logs (using awstats) and
> ignoring those entries but i'd like for a way to block them out of my
> log completely. any suggestions? how do you deal with it?
If you're on Apache, you can get pretty clever with
mod_rewrite, check out this example:

http://www.enc.com.au/csmall/myscripts/nimda.html

AJ


--
Aaron Johnson
http://cephas.net/blog/
ajohnson at cephas.net
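
An added example, not part of the original post or of the page linked above: a log filter that drops the probe requests quoted in the question, decoding the doubly percent-encoded path (`..%25%35%63..`) before matching. The signature list is an assumption built from the three sample requests, and the last sample line is constructed.

```python
import re
import sys
from urllib.parse import unquote

# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# Assumed signatures, taken from the sample requests in the post.
PROBE_RE = re.compile(r'/(?:cmd|root)\.exe(?:$|\?)', re.IGNORECASE)

# First three lines are from the post; the fourth is a constructed benign request.
SAMPLE = [
    '24.102.16.10 - - [18/Dec/2002:10:11:09 +0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"',
    '24.102.16.10 - - [18/Dec/2002:13:11:59 +0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276 "-" "-"',
    '24.102.16.10 - - [18/Dec/2002:08:42:05 +0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274 "-" "-"',
    '192.0.2.7 - - [18/Dec/2002:10:12:00 +0500] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
]


def normalize(target, max_rounds=3):
    # Decode repeatedly: %25%35%63 -> %5c -> backslash, then unify separators.
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")


def is_worm_probe(line):
    m = REQUEST_RE.search(line)
    if not m:
        return False  # unparseable lines are kept, never silently dropped
    return bool(PROBE_RE.search(normalize(m.group(1))))


def filter_lines(lines):
    # Returns (lines to keep, number of probe lines dropped).
    kept = [line for line in lines if not is_worm_probe(line)]
    return kept, len(lines) - len(kept)


if __name__ == "__main__":
    for line in sys.stdin:
        if not is_worm_probe(line):
            sys.stdout.write(line)
```

Run as a filter, it reads log lines on stdin and writes the kept ones to stdout, so it can clean an existing access log before awstats sees it.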



