[ Order a Server ] [ Server Support ]

[ Getting Started ] [ Server Help ] [ Add on Help ] [ Solution ] [ Trouble Shooting ]

PLEASE NOTE, THIS IS VERY OLD ARCHIVE INFORMATION AND MAY NOT FUNCTION ON NEW SERVERS

Nimba Virus

Apparently, your logs are filling up with entries much like this?

[error] [client 161.58.90.121] File does not exist: /usr/local/etc/httpd/htdocs/scripts/root.exe
[error] [client 161.58.90.121] File does not exist: /usr/local/etc/httpd/htdocs/MSADC/root.exe
[error] [client 161.58.90.121] File does not exist: /usr/local/etc/httpd/htdocs/c/winnt/system32/cmd.exe
[error] [client 161.58.90.121] File does not exist: /usr/local/etc/httpd/htdocs/d/winnt/system32/cmd.exe

The requests that you are seeing are the result of the Nimba virus. The virus will not infect or harm your server. The only harm it can do to your server is fill up the log files. The incoming probes are http requests.

You can block http services for a specific IP address with something similar to the following in your ~/www/conf/httpd.conf file.

Add an entry like so:

<Location />
Order Deny,Allow
Deny from 161.58.90.121
</Location>

Then restart_apache.   Your done. 

PLEASE NOTE, THIS IS OLD ARCHIVE INFORMATION AND MAY NOT FUNCTION ON NEW SERVERS