1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 1:49 pm May 1, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Apache stops running after 404 responses

Cause seems to be CodeRed requests

         

iseff

6:46 pm on Jan 28, 2004 (gmt 0)

10+ Year Member



I've just recently set up a nice Apache box. Without even a hint of getting things ready and just placing a domain name, I'm already getting weird (what I believe to be) hacker requests trying to overflow the buffers somehow. I'm pretty sure these attacks are unsuccessful, but for some reason, Apache is still dropping.. It just closes completely until I find out and come back through and restart it. The type of GETs that are doing this are things like:

GET /default.ida?XXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%
u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u5
31b%u53ff%u0078%u0000%u00=a HTTP/1.0

and

GET /scripts/..%255c%255c../winn
t/system32/cmd.exe?/c+dir

Definitely the second one is based on getting into the Windows server, but the other one - I dunno?

How do I make sure these are 1) denied, and 2) not dropping my server? I know on my old server these happened quite often, so I better be ready for them!

Thanks,
Ian

jdMorgan

8:00 pm on Jan 28, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



iseff,

Since you're on Apache, neither of those files exist - So, technically, you don't have to worry about it.

These are requests from unpatched Windows servers infected with Code Red or NIMDA, trying to spread the worm. You should see 404-Not Found responses to these requests on an Apache server.

Jim

iseff

9:03 pm on Jan 28, 2004 (gmt 0)

10+ Year Member



Right. Thats what I thought. So why is Apache just randomly stopping. Those become the last requests before it stops. There is a chance the server could be stopping later for another reason but the logs show nothing after that happens. Here are copies of the end of both my access and error logs. By the way - this is Apache/2.0.48 (Unix) DAV/2 PHP/4.3.4 on FreeBSD4.8.

access_log:
208.192.4.151 - - [24/Jan/2004:10:38:36 -0600] "GET /scripts/..%255c%255c../winn
t/system32/cmd.exe?/c+dir" 404 334

error_log:
[Sat Jan 24 10:38:36 2004] [error] [client 208.192.4.151] File does not exist: /
usr/sites/example.com/scripts

And then its done.

Any input?

[edited by: jdMorgan at 2:54 am (utc) on Jan. 29, 2004]
[edit reason] examplified domain [/edit]

jdMorgan

2:53 am on Jan 29, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



No idea, actually... I get hundreds of those requests per day, and it has no effect on the server.

If your server is heavily-loaded, or configured to only support a very few processes, or if you use a script to handle HTTP errors, those are issues you might want to look into.

Jim

operafan

3:35 am on Jan 29, 2004 (gmt 0)

10+ Year Member



Hi, your best bet to answer that questions on why it stops would be to ask your hosting provider, they will know best of the server configurations.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 1:49 pm May 1, 2026