[imp] Apache errors regarding IMP

Frederick Ho fkho@netvigator.com
Mon Oct 21 14:02:07 2002


Hi,
  I am currently running Horde 2.1 and IMP 3.1 on RedHat 7.2 with Apache 1.3.23, and have logged some weird messages in the Apache logs.

  Has anyone seen the following errors in the Linux httpd/access_log and httpd/error_log regarding Horde/IMP?

> httpd/access_log
202.64.220.x - - [20/Oct/2002:21:16:28 +0800] "GET /horde/imp/view.php?thismailbox=INBOX&index=1941&id=2&actionID=113&mime=9d1caf7ffd290b8e7ebeecded7496350 HTTP/1.1" 200 5894947
202.64.220.x - - [20/Oct/2002:21:17:09 +0800] "GET /scripts/root.exe?/c+dir HTTP/1.1" 404 295
202.64.220.x - - [20/Oct/2002:21:17:09 +0800] "GET /MSADC/root.exe?/c+dir HTTP/1.1" 404 293
202.64.220.x - - [20/Oct/2002:21:17:10 +0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.1" 404 303
202.64.220.x - - [20/Oct/2002:21:17:10 +0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.1" 404 303
202.64.220.x - - [20/Oct/2002:21:17:13 +0800] "GET /scripts/..%5C../winnt/system32/cmd.exe?/c+dir HTTP/1.1" 404 315
202.64.220.x - - [20/Oct/2002:21:17:13 +0800] "GET /_vti_bin/..%5C../..%5C../..%5C../winnt/system32/cmd.exe?/c+dir HTTP/1.1" 404 328
202.64.220.x - - [20/Oct/2002:21:17:14 +0800] "GET /_mem_bin/..%5C../..%5C../..%5C../winnt/system32/cmd.exe?/c+dir HTTP/1.1" 404 328

> httpd/error_log
[Sun Oct 20 04:18:46 2002] [error] [client 202.64.220.x] File does not exist: /var/www/html/horde/imp/scripts/root.exe
[Sun Oct 20 04:18:46 2002] [error] [client 202.64.220.x] File does not exist: /var/www/html/horde/imp/MSADC/root.exe
[Sun Oct 20 04:18:47 2002] [error] [client 202.64.220.x] File does not exist: /var/www/html/horde/imp/c/winnt/system32/cmd.exe
[Sun Oct 20 04:18:47 2002] [error] [client 202.64.220.x] File does not exist: /var/www/html/horde/imp/d/winnt/system32/cmd.exe
[Sun Oct 20 04:18:47 2002] [error] [client 202.64.220.x] File does not exist: /var/www/html/horde/imp/scripts/..\../winnt/system32/cmd.exe
[Sun Oct 20 04:18:50 2002] [error] [client 202.64.220.x] File does not exist: /var/www/html/horde/imp/_vti_bin/..\../..\../..\../winnt/system32/cmd.exe
[Sun Oct 20 04:18:52 2002] [error] [client 202.64.220.x] File does not exist: /var/www/html/horde/imp/_mem_bin/..\../..\../..\../winnt/system32/cmd.exe
[Sun Oct 20 04:18:52 2002] [error] [client 202.64.220.x] File does not exist: /var/www/html/horde/imp/msadc/..\../..\../..\/..Á^\../..Á^\../..Á^\../winnt/system32/cmd.exe
[Sun Oct 20 04:18:52 2002] [error] [client 202.64.220.x] File does not exist: /var/www/html/horde/imp/scripts/..Á^\../winnt/system32/cmd.exe

Why am I getting these errors? I used both the Netscape 7 and IE 6 browsers on Win2K to access the IMP mail server running on Linux. I also used Apache 2.0.4 on Redhat 8 on my development system and it showed the same weird messages in the logs.

Would anyone care to comment? Why did IMP try to access winnt stuff? Am I under attack? My virus scan showed nothing.

Regards,
Fred
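
An added example, not part of the original post: a Python check that picks requests for Windows executables (`root.exe`, `cmd.exe`) and `..` traversal paths out of an access_log like the one quoted above and reports, per client, whether any of them was answered with a non-error status. The function names are choices made for this example, and the embedded sample consists of lines copied from the post.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common Log Format, as written to httpd/access_log in the post.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
# Windows executables requested by the probes in the post.
WIN_EXE_RE = re.compile(r'/(?:cmd|root)\.exe$', re.IGNORECASE)

# Sample input: lines copied from the access_log excerpt in the post.
SAMPLE_LOG = """\
202.64.220.x - - [20/Oct/2002:21:16:28 +0800] "GET /horde/imp/view.php?thismailbox=INBOX&index=1941&id=2&actionID=113&mime=9d1caf7ffd290b8e7ebeecded7496350 HTTP/1.1" 200 5894947
202.64.220.x - - [20/Oct/2002:21:17:09 +0800] "GET /scripts/root.exe?/c+dir HTTP/1.1" 404 295
202.64.220.x - - [20/Oct/2002:21:17:10 +0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.1" 404 303
202.64.220.x - - [20/Oct/2002:21:17:13 +0800] "GET /scripts/..%5C../winnt/system32/cmd.exe?/c+dir HTTP/1.1" 404 315
"""

def classify(line):
    """Return (client, status, reasons) for a probe line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = unquote(m["target"].split("?", 1)[0])  # %5C decodes to a backslash
    reasons = []
    if WIN_EXE_RE.search(path):
        reasons.append("windows-exe")
    # Treat both separators alike so "..\\.." and "../.." are caught.
    if ".." in path.replace("\\", "/").split("/"):
        reasons.append("traversal")
    return (m["client"], int(m["status"]), reasons) if reasons else None

def summarize(log_text):
    """Per client: probe count and how many probes got a status below 400."""
    out = defaultdict(lambda: {"probes": 0, "served": 0})
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            client, status, _ = hit
            out[client]["probes"] += 1
            out[client]["served"] += int(status < 400)
    return dict(out)

if __name__ == "__main__":
    for client, stats in summarize(SAMPLE_LOG).items():
        print(client, stats)
```

A `served` count of 0, as for the lines in the post, means every flagged request was rejected with an error status; a non-zero count is the case that needs a closer look.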