Re: Frequent Strange Requests
On Wed, 12 Sep 2001, Auke Rensen wrote:
> While scanning my Apache Access logs I recently discovered that my webserver
> gets some strange requests. While just guessing I can say I get these
> requests about 10 to 25 times a day.
> 212.1.145.112 - - [12/Sep/2001:15:37:33 +0200] "GET
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
As others have mentioned, this is probably the Code Red worm or
derivative.
Is the remote client IP always (or frequently the same)?
Then you may want to consider firewalling that IP on that port (80). (But
probably not needed since you only receive a few a day.)
You can also consider reporting the problem to the admin of that remote
host so they can fix their machine.
Is that IP one of your own (Windows-based) systems? If so, then this clue
can lead you to it so you can fix it.
Do some searches for "code red"; you'll find a variety of ideas and
scripts to help with this problem.
Another reason to run open source operating systems and open source
software :)
Jeremy C. Reed
http://www.reedmedia.net/
http://bsd.reedmedia.net/ -- BSD news and resources
http://www.isp-faq.com/ -- find answers to your questions
Reply to: