attack back?  :)  These are probably compromised boxes (nimda or code red).
You could find the admins of the boxes and tell them, or just ignore it.

It's probably not going to accomplish anything by reporting it though.  Just
take pride in the fact that they haven't gained access to your box.  :)

Jay

-----Original Message-----
From: Munir Nassar [mailto:nassarmu at redconcepts.net]
Sent: Tuesday, October 30, 2001 8:37 PM
To: Twin Cities Linux User Group
Subject: [TCLUG] Apache error logs


For a couple of days now i have been getting wierd errors in my Apache
logs, mostly people doing a GET /dir/cmd.exe, or root.exe

don't these people check the server strings? I may be inexperienced but i
am not brain dead enough to run IIS. or just even plain windows.

but most importantly: should i report the IPs to someone? (i have about 10
different IPs so far) is there anything in particular i should do about
this?

 -munir

_______________________________________________
Twin Cities Linux Users Group Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org
tclug-list at mn-linux.org
https://mailman.mn-linux.org/mailman/listinfo/tclug-list