Date: Thu, 9 Aug 2001 14:25:23 +0400 From: "Nickolay A.Kritsky" <nkritsky@internethelp.ru> To: Robin Smith <rasmith@aristotle.tamu.edu> Cc: freebsd-security@FreeBSD.ORG Subject: Re[2]: should I concerned? Message-ID: <7690233759.20010809142523@internethelp.ru> In-Reply-To: <200108090134.UAA28759@aristotle.tamu.edu> References: <200108090134.UAA28759@aristotle.tamu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Robin, Thursday, August 09, 2001, 5:34:34 AM, you wrote: >>>>>> "faSty" == faSty <fasty@i-sphere.com> writes: RS> faSty> Hi guys, I noticed the httpd's log (errors and access), RS> faSty> someone tried expliot the security hole on apache webserver RS> faSty> and I dont know what this is. RS> faSty> my webserver apache version is RS> faSty> Server version: Apache/1.3.19 (Unix) Server built: May 17 RS> faSty> 2001 20:14:06 RS> faSty> [08/Aug/2001:14:39:03 -0700] RS> faSty> RS> "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a RS> Relax: this is Code Red's signature (though the filler is X instead of RS> N: is this Son of Code Red?). You're running apache, not IIS. I have thought that Code Red exploit string must begin with "/default.idq" Was I wrong? RS> Robin Smith RS> To Unsubscribe: send mail to majordomo@FreeBSD.org RS> with "unsubscribe freebsd-security" in the body of the message ;------------------------------------------- ; NKritsky ; SysAdmin InternetHelp.Ru ; http://www.internethelp.ru ; mailto:nkritsky@internethelp.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7690233759.20010809142523>