Need some help on security
Robert Watson
rwatson at freebsd.org
Sat Jan 10 18:49:24 PST 2004
On Sat, 10 Jan 2004, David Edwards wrote:
> Anyway, on to the question, last night, the server stopped responding
> after someone tried to gain access to what looks to be web based
> printing. I am not familiar with any firewall/IDS solutions and have
> looked over Snort and IPFW today. I don't want to do IPFW because I
> don't want to recompile a kernel that works and potentially lose
> everything I have done so far. Here is a bit of the apache error_log
> which shows the issue I am referring to:
>
> [Sat Jan 10 01:34:04 2004] [error] [client 211.233.89.189] File does not
> exist: /usr/home/dbcenter/public_html/NULL.printer
> [Sat Jan 10 01:34:04 2004] [error] [client 211.233.89.189] File does not
> exist: /usr/local/apache/htdocs/NULL.printer

Well, these log entries are for attempted exploits of Microsoft's IIS, and
shouldn't be a problem. The error messages can safely be ignored.

However, the "server stopped responding" bit doesn't sound good. Was the
web server still running (i.e., Apache processes still present)? What
does "ps -alx" show? Were there any console messages regarding apache
stopping, or any error messages in the Apache log about it exiting or
changing states, as opposed to just file not found errors?
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Senior Research Scientist, McAfee Research
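
Added example, not part of the original message: a small Python triage of an Apache error_log that separates the ignorable `.printer` "File does not exist" probes from entries about the server itself exiting or changing state, which is the distinction the reply draws. The state-change patterns are assumed Apache 1.3-style wordings, and every sample line after the first two is constructed.

```python
import re
from collections import Counter

# Apache error_log entry: [timestamp] [level] optional [client ip] message
ENTRY = re.compile(r'^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] '
                   r'(?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$')
# A request for *.printer that Apache answered with "File does not exist"
PROBE = re.compile(r'^File does not exist: \S*\.printer$', re.IGNORECASE)
# Assumed Apache 1.3-style wording for messages about the server's own state
STATE = re.compile(r'caught SIG\w+|exit signal|resuming normal operations|MaxClients')

# First two entries are the ones quoted in the message (unwrapped); the rest are constructed.
SAMPLE = [
    "[Sat Jan 10 01:34:04 2004] [error] [client 211.233.89.189] File does not exist: /usr/home/dbcenter/public_html/NULL.printer",
    "[Sat Jan 10 01:34:04 2004] [error] [client 211.233.89.189] File does not exist: /usr/local/apache/htdocs/NULL.printer",
    "[Sat Jan 10 01:35:10 2004] [notice] child pid 412 exit signal Segmentation fault (11)",
    "[Sat Jan 10 01:36:02 2004] [error] server reached MaxClients setting, consider raising the MaxClients setting",
    "[Sat Jan 10 01:40:00 2004] [error] [client 192.0.2.7] File does not exist: /usr/local/apache/htdocs/favicon.ico",
]

def triage(lines):
    """Sort entries into 'probe', 'state' and 'other'; unparsable lines go to 'other'."""
    buckets = {"probe": [], "state": [], "other": []}
    for line in lines:
        m = ENTRY.match(line.strip())
        if m is None:
            buckets["other"].append((None, None, line.strip()))
            continue
        entry = (m["ts"], m["client"], m["msg"])
        if m["client"] and PROBE.match(m["msg"]):
            buckets["probe"].append(entry)   # IIS-targeted request, harmless on Apache
        elif STATE.search(m["msg"]):
            buckets["state"].append(entry)   # server exiting, crashing or saturated
        else:
            buckets["other"].append(entry)
    return buckets

def probes_by_client(buckets):
    """Count .printer probes per client address."""
    return Counter(client for _, client, _ in buckets["probe"])

if __name__ == "__main__":
    b = triage(SAMPLE)
    print("ignorable .printer probes:", dict(probes_by_client(b)))
    for ts, _, msg in b["state"]:
        print("server state:", ts, msg)
    print("other entries:", len(b["other"]))
```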