As it's already been mentioned this is the Nimda worm that only affects IIS and anyone who has been running a web server in the last year has been hit with it countless times... I know I have... If you feel inclined to try and deal with this you can start by trying to get in contact with Starstream Communications in Rocklin, CA... Now this block of address (63.205.212.0/23) was assigned to them from SBC (formally SBC Pacific Bell) but I can tell you trying to get SBC to take any action is about the same as sitting and watching paint dry... It's useless to try contacting them as their Abuse phone number says to email their abuse department but those emails I believe hit /dev/null and never a person to actually deal with them... You should be able to start trying to reach Starstream at (916) 652-9479 which is listed as their main office number however they have no contact information specifically for abuse... Jeremy On Thu, Dec 12, 2002 at 07:55:31AM -0800, Michael Olds wrote: > This is a small sample from my access log. Can someone explain to me why > this person would repeatedly attempt access to my computer using the same IP > and the same requests over and over? This isn't to the point of being a DOS > attack; can't they see I don't have any of these things that they think will > enable them to crack my machine? Or is there something else going on here? > > > 63.205.213.16 - - [11/Dec/2002:13:16:07 -0800] "GET /scripts/root.exe?/c+dir > HTTP/1.0" 404 270 "-" "-" > 63.205.213.16 - - [11/Dec/2002:13:16:07 -0800] "GET /MSADC/root.exe?/c+dir > HTTP/1.0" 404 268 "-" "-"
Attachment:
pgpdZ6PurV015.pgp
Description: PGP signature