Web Hosting Talk







View Full Version : Strange log


MasterBrian
09-12-2001, 03:48 AM
Hi everybody,

I've had a strange log during the last period, and I think it would be a good idea to ask you all whether I have to start wondering about it or not. I get this:

xxx.xxx.xxx.xxx - - [05/Sep/2001:09:25:36 -0400] "GET /default.ida?XXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190 %u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 296 "-" "-"

And I get this from so many IPs (substituted with xxx.xxx.xxx.xxx) from all over the world. Normally it would happen no more than one time from a single IP.

Thank you very much :)

WildWayz
09-12-2001, 04:23 AM
Isn't that the Code Red worm attack?

If u are on linux, ignore it.

--James

MasterBrian
09-12-2001, 04:28 AM
Thank you for your answer!

Yes, I'm running Linux (Mandrake 8.0), so it is a worm attack? Are u sure? Because it is so strange, the IPs I'm attacked from are from everywhere in the world. My log is full of these things, every time from a different IP number!

UNIXIELHOST
09-12-2001, 04:46 AM
I have had that for 3 weeks, ignore it, it mostly attacks NT servers

UNIX are safe :)

Félix C.Courtemanche
09-12-2001, 11:49 AM
Originally posted by MasterBrian
Thank you for your answer!

Yes, I'm running Linux (Mandrake 8.0), so it is a worm attack? Are u sure? Because it is so strange, the IPs I'm attacked from are from everywhere in the world. My log is full of these things, every time from a different IP number!

Each different IP is one of an infected server trying to infect you in turn... but since you are not running Microsoft's IIS, there is nothing to worry about except the size of your logs expanding :)
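
Added example, not part of any post in this thread: a small Python log summary that counts requests shaped like the one quoted above, per source address and per response status, to confirm they are one-off probes from many hosts. It assumes Apache common/combined log format; the 50-character padding threshold, the function name and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log prefix: host ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')

# Shape of the request quoted in the thread: GET /default.ida? followed by a long
# run of one filler letter and then %uXXXX escapes. The 50-character minimum is an
# assumption chosen so short, ordinary query strings do not match.
PROBE_RE = re.compile(r'^GET /default\.ida\?([A-Za-z])\1{49,}(?:%u[0-9a-fA-F]{4})+')


def summarize(lines):
    """Count /default.ida probes per source host and per response status."""
    hosts, statuses, unparsed = Counter(), Counter(), 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            unparsed += 1  # truncated or non-Apache line: counted, not guessed at
            continue
        host, _when, request, status, _size = m.groups()
        if PROBE_RE.match(request):
            hosts[host] += 1
            statuses[status] += 1
    return {
        "probes": sum(hosts.values()),
        "distinct_hosts": len(hosts),
        "repeat_hosts": sorted(h for h, n in hosts.items() if n > 1),
        "statuses": dict(statuses),  # the server in the thread answered 404
        "unparsed": unparsed,
    }


# Constructed sample log (documentation-range addresses, shortened escape tail).
PROBE_REQUEST = "GET /default.ida?" + "X" * 224 + "%u9090%u6858%ucbd3%u7801=a HTTP/1.0"
SAMPLE = [
    '192.0.2.10 - - [05/Sep/2001:09:25:36 -0400] "%s" 404 296 "-" "-"' % PROBE_REQUEST,
    '198.51.100.7 - - [05/Sep/2001:09:26:02 -0400] "%s" 404 296 "-" "-"' % PROBE_REQUEST,
    '203.0.113.44 - - [05/Sep/2001:09:27:15 -0400] "%s" 404 296 "-" "-"' % PROBE_REQUEST,
    '192.0.2.10 - - [05/Sep/2001:09:40:51 -0400] "%s" 404 296 "-" "-"' % PROBE_REQUEST,
    '203.0.113.9 - - [05/Sep/2001:09:41:00 -0400] "GET /index.html HTTP/1.0" 200 5120 "-" "-"',
    '203.0.113.9 - - [05/Sep/2001:09:41:05 -0400] "GET /default.ida?page=2 HTTP/1.0" 404 296 "-" "-"',
    'truncated line without a request field',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

To run it against a real log, pass the open file object to `summarize` in place of `SAMPLE`.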

purplemokey
09-21-2001, 04:04 AM
i have a shared unix account with a webhost so why is my site down? if it's cuz the windows machines are overwhelming my servers with requests then what can i do about it???

zoid
09-21-2001, 12:37 PM
Originally posted by josephp
I have had that for 3 weeks, ignore it, it mostly attacks NT servers

UNIX are safe :)

To be exact... An unpatched IIS is unsafe. Everything else _is_ safe. :)

Alexander