Previously, Douglas J Hunley chose to write: > Tim Wunder babbled on about: > > I'm getting alot of requests for "/c/winnt/system32.cmd.exe" in my > > access_log ever since opening port 80. Is that Code Red, or some other > > IIS exploit? How do I keep those entries from consuming bandwidth and > > filling my access_log? > > Thanks, > > Tim > > it's Nimda. enjoy! ;(
Ya know, I originally thought it was Nimda, but then I thought that Nimda was the e-mail worm that attached itself to a file from your HDD and e-mailed it (if you happen to be using Outlook, or Outlook Express). So I guessed that it was a variant of CodeRed, even though I thought you're s'posed to get XXXXXXXXXXX's or NNNNNNNNNNN's in the requests from CodeRed. I guess there's no real way to stop it from hitting the server and making an entry in the log, then. Unless I block the IP's. But once an IP knocks and doesn't get an answer, does it no longer knock in the future? Oh well, gotta do something with all this disk space, might as well fill up some logs... Regards, Tim _______________________________________________ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
