attacked? hacked? help.....!
Tarjei Knapstad
tarjeik at chemcon.no
Tue Dec 9 12:02:23 UTC 2003
On Tue, 2003-12-09 at 06:38, Mike Klinke wrote:
> On Tuesday 09 December 2003 05:26, Lisa Durham wrote:
> > I am very new to Linux but was poking around in my newly setup Fedora
> > Core 1 system today and came upon the lines below in the Apache
> > Access Log when I used the "System Logs" icon in the System Tools
> > Menu.
> >
> > Is the IP at the beginning of each line the IP that requested the
> > file that is shown at the end of the line? with the date and time in
> > the center?
Yes.
<snip>
>
> This is normal. What you're seeing is Internet worm scans looking to
> break into vulnerable Windows systems.
>
Which means most of the IP's you'll be seing are "innocent" people
infected with windows worms ("innocent" = irresponsible people not
running up to date virus scanners on their systems IMHO, but that's
another story).
Anyway, you can (hopefully) help reduce this by installing WormWarner on
your system, which scans your apache logs and emails a warning to either
the ISP or server that is infected: http://www.jeroen.se/warner.php
You can run it as a (ana)cron job.
Cheers,
--
Tarjei
More information about the fedora-list
mailing list