Bonjour à tous. J'ai recemment lu ceci...Quelqu'un a-t-il plus
d'information? Est-ce que Apache est vulnérable à de telles attaques?
Thierry
-------------------------------------------------------------
At 01:37 PM 8/5/2001 +0000, you wrote:
>Hi,
>
>I found in my Apache server logs that starting from August 4
>my server was asked for "default.ida" file.
>Request was done several times from different locations.
>
>What is that file for ?
>What is the content of that file ?
It's the default Indexing Server ISAPI filter on Microsoft's IIS Web
server. If the rest of the request consisted of a long string of seemingly
unintelligible characters, the entries are most likely from Code Red
infected servers attempting to pass the worm on (the worm spreads by
exploiting a buffer overflow fault.)
If you had been running an unpatched installation of IIS 4 or 5, you'd
already be infected.
Jason K. Chapman
------------------------------------------------------------------
--
http://www-internal.alphanet.ch/linux-leman/ avant de poser
une question. Ouais, pour se désabonner aussi.
