Re: Apache log entries - hack attempt ?

From: Spam Me! (postmaster@127.0.0.1)
Date: 04/06/03


From: Spam Me! <postmaster@127.0.0.1>
Date: Sun, 06 Apr 2003 15:46:08 GMT

D. Stussy wrote:

> On Thu, 3 Apr 2003, Spam Me! wrote:
>> I'm getting lots of suspicious entries in my Apache log, like the
[snip]
> Yes. Where have you been? These virii have been out for 18+ months now.
>

OK, you are right, I should have looked up the signatures first.
I've been hiding under my rock - I mean firewall, in the past years,
i.e. I did not have any open ports and did not run any servers,
thus I did not care about the signatures of virii. Of course, I
heard about code red, just did not know its signature.

A few days ago I set up a web server on a DMZ machine behind my
firewall and started to monitor the logs on it. And it is flooded
by those code red messages originating from various IP addresses.

What's amazing is that if this is the 18+ months old code red, why
is it still actively spreading? Those Windows boxes never get cleaned
and patched???

-- 
Freedom: In a world without fences there is NO NEED for Gates!
