Re: am i being wormed? aaugh!

To: will trillich <will@serensoft.com>
Cc: <debian-user@lists.debian.org>
Subject: Re: am i being wormed? aaugh!
From: John Galt <galt@inconnu.isu.edu>
Date: Tue, 14 Aug 2001 19:00:43 -0600 (MDT)
Message-id: <[🔎] Pine.LNX.4.33.0108141855520.6229-100000@inconnu.isu.edu>
In-reply-to: <[🔎] 20010814135201.A16001@serensoft.com>

mine are all 403's now.  I made a dummy file /var/www/default.ida with
permissions of 700 owned by root.  I had a theory a while ago that the CR
actually resends all 202's, but experience has proven me wrong: CR sends
the same amount regardless of whether or not if can find default.ida.  The
dummy file is mostly to prevent the skript kiddies that follow up on the
CR destruction from bothering me twice.

On Tue, 14 Aug 2001, will trillich wrote:

>On Sat, Aug 04, 2001 at 07:16:10AM -0500, ktb wrote:
>> On Sat, Aug 04, 2001 at 05:56:30AM -0500, will trillich wrote:
>> <snip>
>> > worse, when i turned on normal text-format logging, i saw this:
>> > www.worm.com Accept: */* 64.130.248.101 - - [03/Aug/2001:16:11:29 -0500] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 200 1622 "-" "-"
>> > www.worm.com Accept: */* 194.78.202.75 - - [03/Aug/2001:16:12:38 -0500] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 200 1622 "-" "-"
>>
>> That's red worm all right.
>> I've got 91 of these buggers so far.  Most hits I've had in my logs for
>> a while:)  What is strange about yours is they are returning 200, all
>> mine return 404.
>
>the hits i track in postgresql show as 404, but the ones in the
>plaintext logfile are indeed 200. now THAT's purty darn odd.
>(maybe i messed with my apache config to just do a quick 'okay
>fine whatever' when i sees a request for /default.ida?... i
>forget, having slept since then...)
>
>

-- 
Pardon me, but you have obviously mistaken me for someone who gives a
damn.
email galt@inconnu.isu.edu

Reply to:

References:
- Re: am i being wormed? aaugh!
  - From: will trillich <will@serensoft.com>

Prev by Date: gnome/mouseroller
Next by Date: Re: mozilla fonts giant-sized
Previous by thread: Re: am i being wormed? aaugh!
Next by thread: Re: am i being wormed? aaugh!
Index(es):
- Date
- Thread