Is your e3000 Environment Secure? Homestead security
page 60April 24, 2003
Is Your Homestead Secure? - Solution Symposium West
Apache – check logs for suspicious activity
• The /APACHE/PUB/logs/access_log file can indicate suspicious
Microsoft IIS virus activity (Nimda, etc):
12.34.56.78 - - [20/Feb/2003:16:06:41 -0800] "GET
/scripts/root.exe?/c+dir HTTP/1.0" 404 291
12.34.56.78 - - [20/Feb/2003:16:06:41 -0800] "GET
/MSADC/root.exe?/c+dir HTTP/1.0" 404 289
12.34.56.78 - - [20/Feb/2003:16:06:42 -0800] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
299
12.34.56.78 - - [20/Feb/2003:16:06:42 -0800] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
299