Today I found in the log the following entry:
2002-12-07 14:33:32 200.170.226.83 - 192.168.100.7 80 GET /default.ida
Google is your friend.
First hit, searching for default.ida, gives:
http://www.thesitewizard.com/news/coderediiworm.shtml
with all the info you need about the Code Red worm.
.asp
Kind Regards,
Jill Tovey
- Original Message -
From: Paolo Mattiangeli [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, December 07, 2002 3:13 PM
Subject: unexpected log entries
Hi everybody, I guess maybe someone out there can help me with this. I
have
a w2k server running
Hi everybody, I guess maybe someone out there can help me with this. I have
a w2k server running IIS 5 and keep receiving what I think to be probes on
my web server. Today I found in the log the following entry:
2002-12-07 14:33:32 200.170.226.83 - 192.168.100.7 80 GET /default.ida
looks too me like good old Code Red Version 1.
On Sat, 7 Dec 2002 16:13:11 +0100
Paolo Mattiangeli [EMAIL PROTECTED] wrote:
Hi everybody, I guess maybe someone out there can help me with this. I
have a w2k server running IIS 5 and keep receiving what I think to be
probes on my web server.