mine are all 403's now. I made a dummy file /var/www/default.ida with
permissions of 700 owned by root. I had a theory a while ago that the CR
actually resends all 202's, but experience has proven me wrong: CR sends
the same amount regardless of whether or not it can find default.ida. The
dummy
On Sat, Aug 04, 2001 at 07:16:10AM -0500, ktb wrote:
> On Sat, Aug 04, 2001 at 05:56:30AM -0500, will trillich wrote:
>
> > worse, when i turned on normal text-format logging, i saw this:
> > www.worm.com Accept: */* 64.130.248.101 - - [03/Aug/2001:16:11:29 -0500]
> > "GET
> > /default.ida?
David Purton wrote:
On Mon, 6 Aug 2001, Ian Perry wrote:
About 15 mins ago it began hitting my subnet 210.x.x.x ... all Red 2
packets.
Gee - must be my lucky day...
guess what subnet my isp uses :)
I was getting random hits this morning, 5 hrs or so ago with one every 6
mins.
Now it's
On Mon, 6 Aug 2001, Ian Perry wrote:
>
> About 15 mins ago it began hitting my subnet 210.x.x.x ... all Red 2
> packets.
Gee - must be my lucky day...
guess what subnet my isp uses :)
> I was getting random hits this morning, 5 hrs or so ago with one every 6
> mins.
> Now it's down to every 3
> -Original Message-
> From: John Griffiths [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 06, 2001 2:47 AM
>
> At 05:05 PM 8/4/01 +0100, Christian Jaeger wrote:
> >Just to the record: there seems to be a new variant of the
> worm, with
> >all 'N' being replaced with 'X'. The last 117 (
No, you may not panic. It's an IIS exploit. Code Red to be precise.
On Sat, 4 Aug 2001, will trillich wrote:
>i get this http request a couple of times every hour via my own
>home-grown DBIlog.pm (mod-perl/apache) httpd logger:
>
>at | 2001-07-19 10:19:18-05
>client | 216.82.8.136
>met
At 05:05 PM 8/4/01 +0100, Christian Jaeger wrote:
>Just to the record: there seems to be a new variant of the worm, with
>all 'N' being replaced with 'X'. The last 117 (er, now they're 119)
>worm requests on my machine, starting 5 hours ago, were all except
>one of the 'X' type. And all of them c
Just to the record: there seems to be a new variant of the worm, with
all 'N' being replaced with 'X'. The last 117 (er, now they're 119)
worm requests on my machine, starting 5 hours ago, were all except
one of the 'X' type. And all of them come from 62.2.x.x (well, I'm on
this subnet, too). Se
On Sat, Aug 04, 2001 at 05:56:30AM -0500, will trillich wrote:
> worse, when i turned on normal text-format logging, i saw this:
> www.worm.com Accept: */* 64.130.248.101 - - [03/Aug/2001:16:11:29 -0500] "GET
> /default.ida?
On Sat, Aug 04, 2001 at 05:56:30AM -0500, will trillich wrote:
| i get this http request a couple of times every hour via my own
| /default.ida?[...]
| [and that's truncated!]
Congratulations Will! The Code Red worm (one of the latest toys for
M$ fans) wants to infect your IIS server on Wi
i get this http request a couple of times every hour via my own
home-grown DBIlog.pm (mod-perl/apache) httpd logger:
at | 2001-07-19 10:19:18-05
client | 216.82.8.136
method | GET
server | www.serensoft.com
url |
/default.ida?NNN
11 matches