Computer Hacking Forensic Investigator (CHFI) — Question 69

The Apache server saves diagnostic information and error messages that it encounters while processing requests. The default path of this file is usr/local/apache/ logs/error.log in Linux. Identify the Apache error log from the following logs.

Answer options

• A. http://victim.com/scripts/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..% c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+C:\Winnt \system32\Logfiles\W3SVC1
• B. [Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test
• C. 127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700]"GET /apache_pb.gif HTTP/1.0" 200 2326
• D. 127.0.0.1 - - [10/Apr/2007:10:39:11 +0300] ] [error] "GET /apache_pb.gif HTTP/1.0" 200 2326

Correct answer: B

Explanation

Option B is the correct answer because it clearly indicates an error related to server configuration, which is what the Apache error log captures. Options A and C do not pertain to error logs; option A involves a directory traversal attempt, while option C shows a successful request. Option D also includes an error, but it lacks the specific 'client denied by server configuration' message that is characteristic of the error log.