Brendan,
Not sure If you are who I think you are. By chance did you live in
Virginia and work for Gannon LLc for a short while. If so email me
back.
Later,
Curtis
On 9 Oct 2001, at 11:56, brendan hack wrote:
> Thanks to Bill and James for your responses. It was a proxy attempt. I
> set up my m
Brendan,
Not sure If you are who I think you are. By chance did you live in
Virginia and work for Gannon LLc for a short while. If so email me
back.
Later,
Curtis
On 9 Oct 2001, at 11:56, brendan hack wrote:
> Thanks to Bill and James for your responses. It was a proxy attempt. I
> set up my
Thanks to Bill and James for your responses. It was a proxy attempt. I
set up my mozilla to use the apache server as a proxy and got the same
log entries. Luckily though, apache simply returned web pages from the
local web site instead of proxying them since the ProxyRequests
directive was not
At 10:08 2001-10-09 +1000, brendan hack wrote:
Hi All,
I found a strange entry hidden among all the IIS exploit attempts
in my apache access log today:
61.177.66.228 - - [07/Oct/2001:21:28:44 +1000] "GET
http://61.177.66.228:8283/ HTTP/1.0" 200 756
Does anyone know if this
brendan hack writes:
>Hi All,
>
> I found a strange entry hidden among all the IIS exploit attempts in my
>apache access log today:
>
>61.177.66.228 - - [07/Oct/2001:21:28:44 +1000] "GET
>http://61.177.66.228:8283/ HTTP/1.0" 200 756
>
> Does anyone know if this is some sort of attack
Hi All,
I found a strange entry hidden among all the IIS exploit attempts in my
apache access log today:
61.177.66.228 - - [07/Oct/2001:21:28:44 +1000] "GET
http://61.177.66.228:8283/ HTTP/1.0" 200 756
Does anyone know if this is some sort of attack attempt? It doesn't seem
to make any s
Thanks to Bill and James for your responses. It was a proxy attempt. I
set up my mozilla to use the apache server as a proxy and got the same
log entries. Luckily though, apache simply returned web pages from the
local web site instead of proxying them since the ProxyRequests
directive was not
At 10:08 2001-10-09 +1000, brendan hack wrote:
>Hi All,
>
> I found a strange entry hidden among all the IIS exploit attempts
> in my apache access log today:
>
>61.177.66.228 - - [07/Oct/2001:21:28:44 +1000] "GET
>http://61.177.66.228:8283/ HTTP/1.0" 200 756
>
> Does anyone know
brendan hack writes:
>Hi All,
>
> I found a strange entry hidden among all the IIS exploit attempts in my
>apache access log today:
>
>61.177.66.228 - - [07/Oct/2001:21:28:44 +1000] "GET
>http://61.177.66.228:8283/ HTTP/1.0" 200 756
>
> Does anyone know if this is some sort of attac
Hi All,
I found a strange entry hidden among all the IIS exploit attempts in my
apache access log today:
61.177.66.228 - - [07/Oct/2001:21:28:44 +1000] "GET
http://61.177.66.228:8283/ HTTP/1.0" 200 756
Does anyone know if this is some sort of attack attempt? It doesn't seem
t
10K in the last 48 hours here. Welcome to CodeRed Aren't you glad
you do Linux?
On Thu, 2 Aug 2001, Wouter van Gils wrote:
>Hi, today I came say a lot of these:
>
>tnt-7-28.easynet.co.uk - - [01/Aug/2001:21:59:02 +0200] "GET
>/default.ida?N
>NN
Hello!
On Thu, Aug 02, 2001 at 12:32:27AM +0800, Peter Crystal wrote:
> one suggested solution to it is something like
> #---
> LoadModule rewrite_module /usr/lib/apache/mod_rewrite.so
>
> RewriteEnging On
> RewriteRule ^default.ida(.*) http://someothersite.com/ [L,R]
> #-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> "Wouter" == Wouter van Gils <[EMAIL PROTECTED]> writes:
Wouter> So, it's probably a code red infected machine, trying to reach
Wouter> others to infect. I tried telnetting to port 80 to see some
Wouter> activity. With some I've got no respons,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> "Wouter" == Wouter van Gils <[EMAIL PROTECTED]> writes:
Wouter> So, it's probably a code red infected machine, trying to reach
Wouter> others to infect. I tried telnetting to port 80 to see some
Wouter> activity. With some I've got no respons, w
Hi!
On Thu, Aug 02, 2001 at 11:22:50AM +0100, Tim Haynes wrote:
> Personally, I do this:
>
> RedirectMatch Permanent /(.*default.ida.*$) http://127.0.0.1/$1
Thanks, it works!
--
Bye,
Igor.
pgpt3FCm1DpbV.pgp
Description: PGP signature
Igor Goldenberg <[EMAIL PROTECTED]> writes:
[snip]
> > LoadModule rewrite_module /usr/lib/apache/mod_rewrite.so
> >
> > RewriteEnging On
> > RewriteRule ^default.ida(.*) http://someothersite.com/ [L,R]
> > #---
>
> This not works for me. How to make Rewrite in Apache?
>
> I've adde
Hello!
On Thu, Aug 02, 2001 at 12:32:27AM +0800, Peter Crystal wrote:
> one suggested solution to it is something like
> #---
> LoadModule rewrite_module /usr/lib/apache/mod_rewrite.so
>
> RewriteEnging On
> RewriteRule ^default.ida(.*) http://someothersite.com/ [L,R]
> #--
10K in the last 48 hours here. Welcome to CodeRed Aren't you glad
you do Linux?
On Thu, 2 Aug 2001, Wouter van Gils wrote:
>Hi, today I came say a lot of these:
>
>tnt-7-28.easynet.co.uk - - [01/Aug/2001:21:59:02 +0200] "GET
>/default.ida?N
>NNN
which can mean box died, or webserver is on another
port.
grt Wouter
[On 02 Aug, 2001, Dennis Stampfer wrote in " Re: apache log entry "]
> Hi,
>
> This mail won't help you. Its a question from me:
>
> I read that 'Code Red' can infect only Windo
On Thu, Aug 02, 2001 at 08:35:36AM +0200, Wouter van Gils wrote:
>
>
>
> [On 02 Aug, 2001, Curt Howland wrote in " RE: apache log entry "]
> >
> > Yep, you've been asleep, or lucky. This is the Code Red virus.
> >
> > What are you running?
which can mean box died, or webserver is on another
port.
grt Wouter
[On 02 Aug, 2001, Dennis Stampfer wrote in " Re: apache log entry "]
> Hi,
>
> This mail won't help you. Its a question from me:
>
> I read that 'Code Red' can infect only Windo
[On 02 Aug, 2001, Curt Howland wrote in " RE: apache log entry "]
>
> Yep, you've been asleep, or lucky. This is the Code Red virus.
>
> What are you running? I run Boa 0.92 and it doesn't even skip a beat with
> this "code red" idiocy.
>
I&#
BINGO... welcome to Code Red land... Just sit back and think of all
the dumb IIS admins that didn't patch their machines and laugh cause you were
smart and ran Apache on Linux :)
Jeremy
Wouter van Gils was said to been seen saying:
> Hi, today I came say a lot of these:
>
> tnt-7
001 15:27
To: debian-security@lists.debian.org
Subject: apache log entry
Hi, today I came say a lot of these:
tnt-7-28.easynet.co.uk - - [01/Aug/2001:21:59:02 +0200] "GET
/default.ida?N
NNN
Hi, today I came say a lot of these:
tnt-7-28.easynet.co.uk - - [01/Aug/2001:21:59:02 +0200] "GET
/default.ida?N
NNN
N
On Thu, Aug 02, 2001 at 08:35:36AM +0200, Wouter van Gils wrote:
>
>
>
> [On 02 Aug, 2001, Curt Howland wrote in " RE: apache log entry "]
> >
> > Yep, you've been asleep, or lucky. This is the Code Red virus.
> >
> > What are you running?
[On 02 Aug, 2001, Curt Howland wrote in " RE: apache log entry "]
>
> Yep, you've been asleep, or lucky. This is the Code Red virus.
>
> What are you running? I run Boa 0.92 and it doesn't even skip a beat with
> this "code red" idiocy.
>
I&#
BINGO... welcome to Code Red land... Just sit back and think of all
the dumb IIS admins that didn't patch their machines and laugh cause you were
smart and ran Apache on Linux :)
Jeremy
Wouter van Gils was said to been seen saying:
> Hi, today I came say a lot of these:
>
> tnt-
001 15:27
To: [EMAIL PROTECTED]
Subject: apache log entry
Hi, today I came say a lot of these:
tnt-7-28.easynet.co.uk - - [01/Aug/2001:21:59:02 +0200] "GET
/default.ida?N
NN
Hi, today I came say a lot of these:
tnt-7-28.easynet.co.uk - - [01/Aug/2001:21:59:02 +0200] "GET
/default.ida?N
NNN
30 matches
Mail list logo
