Date: Thu, 9 Aug 2001 22:21:33 -0400 (EDT) From: Jim Durham <durham@w2xo.pgh.pa.us> To: Jon Loeliger <jdl@jdl.com> Cc: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>, questions@FreeBSD.ORG Subject: Re: Attempted Buffer Overrun in via httpd? Message-ID: <Pine.BSF.4.21.0108092217420.89859-100000@w2xo.pgh.pa.us> In-Reply-To: <E15T5RI-000B0V-00@jdl.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 4 Aug 2001, Jon Loeliger wrote: > So, like Fernando Gleiser was saying to me just the other day: > > > > It smells like code red. It is a worm which tries to exploit a vulnerability > > in M$ IIS. > > Ah! Duh. Wait, I'm catching up here... What's the current virus > knocking on everyone's door? Oh yeah, _I_ remember now! Code Red. > > > Apache (AFAIK) is not vulnerable. > > Excellent. > > > The request comes from an infected machine, maybe you want to inform the > > webmaster about this. > > Heh. If I were to do that, I'd do _nothing_ else! I have hundreds > of them, and they are mostly from various dial-up looking DNS names. > I actually attempted some connections to these ips using "http:// and the IP number and, without fail, they were all "Under Construction". I think the great majority of these infected servers are on NT boxes where the owner checked the little box that said "Install the Web Server" and then forgot about it. I was wondering how, after months of warnings and media exposure that *anyone* could have an unpatched web server, but I think this is the reason. Good Grief... -Jim Durham To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0108092217420.89859-100000>