that would be one of the code red worms (don't remember if it's one or 2)
that have been running around. they affect iis only, so if that's from your
apache logs on a cobalt box, the only thing to worry about is your logs
filling up.
al
----- Original Message -----
From: "Jamie Rossi" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 13, 2001 4:25 PM
Subject: [cobalt-developers] Hacking attempts???
> Anyone got any idea what this is?
>
>
> 207.108.246.5 - - [13/Aug/2001:00:57:29 +0100] "GET
>
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>
XXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
> u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> HTTP/1.0" 302 627 "-" "-"
>
> My logs show this multiple times today
>
> Regards
> Jamie Rossi
>
>
>
> _______________________________________________
> cobalt-developers mailing list
> [EMAIL PROTECTED]
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>
_______________________________________________
cobalt-developers mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-developers
