Looks like I'm getting about 310 or so per minute, if the 1-minute sample I
took is representative. Deleted a 15mb log of attempts and its already
grown to 1mb again. The Microsoft urlscan tool is keeping all of this out
of the IIS logs.
Interestingly, *all* of the default.ida requests I *used* to get have
disappeared to be replaced by all of these blasted malformed requests for
cmd.exe. That tells me this is the old Code Red II morphing into something
new. Possibly a warhol-style worm has body-slammed all of the
previously-infected CR II boxes with some new task to accomplish?
BAH!
-----------------------------------------
Matt Robertson [EMAIL PROTECTED]
MSB Designs, Inc. http://mysecretbase.com
-----------------------------------------
----- Original Message -----
From: "Tristram Charnley" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Tuesday, September 18, 2001 9:17 AM
Subject: RE: Code Red backdoor triggered?
Yes we're getting hammered too - exactly the same requests
Tristram Charnley
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
