Message-ID: <002c01c2c2f0$b330e1e0$6d950c0a@MCI02UITSZSOL2D> From: "Jonathan Hutchins" <hutchins@tarcanfel.org> Subject: Re: Apache error/access logs Date: Thu, 23 Jan 2003 09:04:33 -0600
You're not exactly being scanned, those are exploit attempts, probably by an
infected computer somewhere. As far as the firewall is concerned they are
legitimate HTML requests for your server - it doesn't know what you serve.
You'll also see a lot of requests that are trying to gind executable
scripts, mostly on Windows (you'll see the path), some one linux. I think
some of those are 'nimda'.
Some people trap those requests, grab the IP and block it at the firewall,
especially if it's on the same machine.
A reliable source claims the average life of an un-patched MS IIS server on
the internet is about one minute; un-patched Unix about ten hours.