[NTLUG:Discuss] Unusual httpd logs
kbrannen@gte.net
kbrannen at gte.net
Fri Jun 14 21:53:14 CDT 2002
david ross wrote:
> ok i know i said unusual but its really not. what i'm looking for is a script
> i saw posted here for shutting down a remote machine that keeps filling my
> logs with the same GET request.
> <snip>
> [Wed Jun 12 11:09:30 2002] [error] [client 12.237.176.176] File does not
> exist: /html/scripts/root.exe
> [Wed Jun 12 11:09:30 2002] [error] [client 12.237.176.176] File does not
> exist: /html/MSADC/root.exe
> [Wed Jun 12 14:29:16 2002] [error] [client 12.237.176.176] File does not
> exist: /html/scripts/root.exe
>
> how can i stop this? i added this IP to hosts.deny but that didn't work and
> i'm not familiar at all with ipchains.
> TIA David
You might try running "saint" on that IP. I seem to remember some doc on it
saying that if you ran it in "high security check" mode aimed at a mswindows
machine, that would sometimes cause the mswindows machine to BSOD.
Of course, please consider that you're in an ethically gray area here, though
I completely sympathize with your feelings.
If you haven't tried, consider contacting their ISP, which seems to be
[abuse.] attbi.com, and explain the problem. Perhaps they will shut off the
person until the machine has been clean (though that's probably a pipe-dream).
Kevin
More information about the Discuss
mailing list