IP Blocking Address


linuxluis
10-30-2001, 06:45 PM
Hello all, I notice in my httpd log file that I have tons of errors like the one below

"GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299

I would like to stop the IP addresses that are doing that.

In my firewall I'm running ipchains right now.
What do I do so I could block them from running the cmd.exe?

Plus, should I be worried about this?

Thanks

Bishop :cool:

wreckd
10-30-2001, 08:15 PM
That's most likely the Nimda virus... snort (running on my firewall) keeps catching around 20-50 attempts at a time similar to that. It's trying to run well-known IIS exploits.

I wouldn't (and don't) waste my time on it. If you're really paranoid or have an IIS server behind your firewall, you could have a script grep through the log, parse out the IPs and add them to /etc/hosts.deny. But there's no way for this worm to affect Apache.
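
The log-scraping approach suggested in the post above, as an added example that is not part of the original thread. It assumes Apache Common Log Format; the function names (`probe_ips`, `deny_lines`, `sample_log`) and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Assumption: Common Log Format (client address is field 1, request line is quoted).
# Lower-case pattern for the probe seen in the thread; matched case-insensitively.
PROBE_RE='"(get|head|post) [^"]*cmd[.]exe'

# probe_ips LOGFILE [MIN_HITS]: IPv4 clients with at least MIN_HITS probe requests.
probe_ips() {
    awk -v re="$PROBE_RE" -v min="${2:-1}" '
        # Skip entries whose first field is a hostname rather than a dotted quad.
        $1 ~ /^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+$/ && tolower($0) ~ re { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min) print ip }
    ' "$1" | sort
}

# deny_lines LOGFILE DENYFILE [MIN_HITS]: hosts.deny entries not already in DENYFILE.
deny_lines() {
    probe_ips "$1" "${3:-1}" | while read -r ip; do
        grep -qxF "ALL: $ip" "$2" 2>/dev/null || echo "ALL: $ip"
    done
}

# Constructed sample log (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [30/Oct/2001:18:40:01 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
192.0.2.10 - - [30/Oct/2001:18:40:02 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
198.51.100.7 - - [30/Oct/2001:18:41:10 -0500] "GET /index.html HTTP/1.0" 200 1043
203.0.113.5 - - [30/Oct/2001:18:42:30 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
host.example.net - - [30/Oct/2001:18:43:00 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
EOF
}

# Demo on the constructed sample: prints the entries that would be appended.
tmp=$(mktemp) && sample_log > "$tmp" && deny_lines "$tmp" /dev/null
rm -f "$tmp"
```

Review the output before appending it to /etc/hosts.deny; that file is only consulted by services that use TCP wrappers.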

linuxluis
10-30-2001, 08:49 PM
wreckd, thanks for the help. The only thing I have running behind it is my Win98 machine that's for my girlfriend's use. She won't learn Linux; she tells me that it's too hard to learn, plus she does not have the time.


Thanks once again for the help

bishop :cool: