CodeRed or Nimda keeps sending requests to Apache
Author information
- Posted by 이선재
Because CodeRed or Nimda, whichever it is, kept sending requests to Apache,
[Wed Nov 13 10:55:43 2002] [error] [client 218.50.135.125] File does not exist: /web/MSADC/root.exe
[Wed Nov 13 10:55:45 2002] [error] [client 218.50.135.125] File does not exist: /web/c/winnt/system32/cmd.exe
[Wed Nov 13 10:55:47 2002] [error] [client 218.50.135.125] File does not exist: /web/d/winnt/system32/cmd.exe
[Wed Nov 13 10:55:49 2002] [error] [client 218.50.135.125] File does not exist: /web/scripts/..%5c../winnt/system32/cmd.exe
I handled it in httpd.conf as shown below,
#----------------------------------------------
#CodeRed
SetEnvIf Request_URI "cmd.exe" ATTACK
SetEnvIf Request_URI "root.exe" ATTACK
SetEnvIf Request_URI "default.ida" ATTACK
# Block specific IPs
<Directory /web/>
Order allow,deny
Allow from all
Deny from env=ATTACK
# IP that was sending requests before 218.50.135.125
Deny from 218.50.3.142
</Directory>
#----------------------------------------------
and now log entries like the following are recorded..
[Wed Nov 13 11:36:45 2002] [error] [client 218.155.62.210] client denied by server configuration: /www/worldcup/scripts
[Wed Nov 13 11:41:17 2002] [error] [client 218.50.240.108] client denied by server configuration: /www/worldcup/scripts
[Wed Nov 13 11:41:17 2002] [error] [client 218.50.240.108] client denied by server configuration: /www/worldcup/MSADC
[Wed Nov 13 11:41:20 2002] [error] [client 218.50.240.108] client denied by server configuration: /www/worldcup/c
[Wed Nov 13 11:41:21 2002] [error] [client 218.50.240.108] client denied by server configuration: /www/worldcup/d
[Wed Nov 13 11:41:24 2002] [error] [client 218.50.240.108] client denied by server configuration: /www/worldcup/scripts
But when I look at the Apache daemons,
[root@web02 logs]# ps -ef | grep httpd | wc -l
142
As many as 142 are running..
[root@web03 conf]# ps -ef | grep httpd | wc -l
41
41 seems to be the normal number...
Is there a way to keep Apache from allocating a daemon to clients that send requests like the ones above?
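Added example (not part of the original post): a Python script that tallies, per client, the error_log lines of the two kinds quoted above, so repeat sources stand out. The sample lines and client addresses are constructed, and treating the last path component of a "denied" line as the indicator is an assumption drawn from the log excerpt in the post.

```python
import re
from collections import Counter

# Constructed sample in the error_log format quoted in the post;
# client addresses are documentation-range placeholders.
SAMPLE_LOG = """\
[Wed Nov 13 10:55:43 2002] [error] [client 192.0.2.10] File does not exist: /web/MSADC/root.exe
[Wed Nov 13 10:55:49 2002] [error] [client 192.0.2.10] File does not exist: /web/scripts/..%5c../winnt/system32/cmd.exe
[Wed Nov 13 11:02:10 2002] [error] [client 203.0.113.5] File does not exist: /web/favicon.ico
[Wed Nov 13 11:41:17 2002] [error] [client 198.51.100.7] client denied by server configuration: /www/worldcup/scripts
[Wed Nov 13 11:41:17 2002] [error] [client 198.51.100.7] client denied by server configuration: /www/worldcup/MSADC
"""

LINE_RE = re.compile(
    r"^\[[^\]]+\] \[error\] \[client (?P<ip>[0-9.]+)\] "
    r"(?P<kind>File does not exist|client denied by server configuration): "
    r"(?P<path>.+)$"
)
# The three file names the post's SetEnvIf rules look for.
PROBE_RE = re.compile(r"cmd\.exe|root\.exe|default\.ida", re.IGNORECASE)
# Assumption: once the Deny rule fires only the directory is logged, so the
# final path component seen in the post's "denied" lines is matched instead.
DENIED_DIRS = {"scripts", "msadc", "c", "d"}


def is_probe(kind, path):
    """True when an error_log entry looks like one of the worm requests."""
    if kind == "File does not exist":
        return bool(PROBE_RE.search(path))
    return path.rstrip("/").rsplit("/", 1)[-1].lower() in DENIED_DIRS


def count_probes(log_text):
    """Return a Counter mapping client IP -> number of probe lines."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and is_probe(m["kind"], m["path"]):
            hits[m["ip"]] += 1
    return hits


def repeat_clients(log_text, threshold=2):
    """Clients with at least `threshold` probe lines, busiest first."""
    return [ip for ip, n in count_probes(log_text).most_common() if n >= threshold]


if __name__ == "__main__":
    for ip, n in count_probes(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n}")
```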