Ken Moffat wrote: > On Wed, 20 Feb 2002 05:32:04 -0500 > Bill Day <[EMAIL PROTECTED]> wrote: > > >>I do believe that is the nimda freak, code red would entail >>default.ida?NNNNNNNN ( or XXXXX, 0000000) >> >>linux.nf is no more. All things are the same with the domain change >>of linux-sxs.org >> >>HTH, >> >> >>On Wednesday 20 February 2002 03:10, you were heard blurting out: >> >>>On Tue, 19 Feb 2002 22:04:48 -0800 >>> >>>Ken Moffat <[EMAIL PROTECTED]> wrote: >>> > >>>>Here is part of my apache error_log, >>>>which makes me think someone is trying to gain access. >>>>Could this be some cracker? >>>>There are a whole bunch of these in the log. >>>> >>>>Anyone know .... ? >>>> > >>>>[Tue Feb 19 05:34:49 2002] >>>>[error] [client 216.162.75.7] File does not exist: >>>>/var/www/html/d/winnt/system32/cmd.exe >>>> >>>> >>>>I wonder who is 216.162.75.7? >>>> >>>someone with an infected Windows IIS box, IIRC this is the "code >>>red" worm. >>> >>-- >> Bill Day >> > > I have a linksys 4 port router as gateway from a cisco 675 (dsl), and > had ports 21, 23, and 80 open on the linksys for testing purposes. > Guess that's out.
Why? These are entries in the Apache error log. Someone tried to access something that wasn't available on your server. You have nothing to worry about, other than filling your logs. Anymore, these CodeRed/Nimda access attempts are simply internet background noise, I wouldn't let that stop you from running a web server. But, if you're that concerned, run your webserver on a different port from 80 and you can avoid those particular worms... Tim _______________________________________________ Linux-users mailing list - http://linux-sxs.org/mailman/listinfo/linux-users Subscribe/Unsubscribe info, Archives,and Digests are located at the above URL.
