> I don't actually think it's hysteria mate, do you want to see 
> a copy of my IDS logs???? There are a large number of attacks 
> going on as I write this and anyone running an unpatched/
> unprotected IIS server needs to do something about it asap.

I think that Mr. Chiverton's complaint was that simply seeing a request
doesn't mean that the server is infected. My servers are receiving quite a
few of these requests, for example, although they've been patched and don't
respond to .ida requests in any case. If the server had been patched in late
June when the patch became available, or if the unused ISAPI mappings had
been removed per the IIS configuration guidelines
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/tools/iischk.asp)
then the server wouldn't be vulnerable.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
