I'm running apache on my linux box at home (comcast cable connection) and my access_log is full of lines like this:

12.231.0.23 - - [12/Nov/2003:19:40:39 -0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 358 "-" "-"
12.231.0.23 - - [12/Nov/2003:19:40:54 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 372 "-" "-"

A quick search on google tells me this is either nimda or code red trying to exploit IIS, and that I should notify the ISP that owns the address where these are coming from. Sounds like a good idea to me, but I'm not seeing anything on the comcast webpage (do a whois on the address and it's for sure a comcast one) where I can call or email this sort of thing in.

Anybody here done that before? Is it worth the trouble? Also, anyone know a good way to expunge this stuff from my log files so I can see the more interesting information there?

Thanks,
Bryan

____________________
BYU Unix Users Group
http://uug.byu.edu/
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
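
Added example, not part of the original post: one way to separate this kind of IIS probe traffic from an Apache access log and to count the probes per source address for an abuse report. The function names, the default.ida pattern (Code Red's request target) and the sample lines from 192.0.2.10 and 198.51.100.7 are assumptions constructed for the illustration; the two 12.231.0.23 lines are the ones quoted above.

```shell
#!/bin/sh
# Added example: split IIS-worm probe requests out of an Apache access log.

# Request targets treated as probes. root.exe and cmd.exe come from the log
# lines in the post; default.ida is an assumption added for Code Red.
# [.] is used instead of \. so that awk -v does not eat the backslash.
PROBE_RE='/(root|cmd)[.]exe|/default[.]ida'

# Sample input: the two lines from the post plus three constructed lines.
sample_log() {
cat <<'EOF'
12.231.0.23 - - [12/Nov/2003:19:40:39 -0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 358 "-" "-"
192.0.2.10 - - [12/Nov/2003:19:40:41 -0800] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
12.231.0.23 - - [12/Nov/2003:19:40:54 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 372 "-" "-"
198.51.100.7 - - [12/Nov/2003:19:41:02 -0800] "GET /default.ida?XXXX HTTP/1.0" 404 360 "-" "-"
192.0.2.10 - - [12/Nov/2003:19:41:10 -0800] "GET /photos/trip.jpg HTTP/1.1" 200 88211 "-" "Mozilla/5.0"
EOF
}

# Pass through only the lines whose request is not a probe.
# Splitting on '"' makes $2 the request line ("GET /path HTTP/1.0"), so a
# referer or user agent that merely mentions cmd.exe is not filtered out.
clean_log() {
    awk -F'"' -v re="$PROBE_RE" 'tolower($2) !~ re'
}

# Count probe requests per client address, busiest source first.
# Output format: "<count> <address>", one source per line.
probe_sources() {
    awk -F'"' -v re="$PROBE_RE" '
        tolower($2) ~ re { split($1, f, " "); n[f[1]]++ }
        END { for (ip in n) print n[ip], ip }' | sort -rn
}

# With a log file as argument: cleaned log on stdout, summary on stderr.
if [ -n "${1:-}" ]; then
    clean_log < "$1"
    probe_sources < "$1" >&2
fi
```

Run against a copy rather than the live log, for example `sh filter.sh access_log > access_log.clean`, so the original lines remain available as evidence for the report to the ISP.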
