Date:      Tue, 18 Sep 2001 20:48:15 -0400 (EDT)
From:      Stephen Hovey <shovey@buffnet.net>
To:        Rob Secombe <robseco@teksupport.net.au>
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   Re: Code Red?!
Message-ID:  <Pine.BSF.4.05.10109182048060.4221-100000@buffnet11.buffnet.net>
In-Reply-To: <3.0.5.32.20010919104530.00795ca0@secombe>

No, I have log junk on virtual hosts

On Wed, 19 Sep 2001, Rob Secombe wrote:

> Hi,
> 
> I am unfortunate enough to have one NT box :(
> 
> In case any of you are in similar situation this is what I have done.
> 
> These worms appear only to attack using the IP address of the server on
> port 80 and not using a name, so at this stage they are not hitting the
> virtual webs, only the default web which has virtual directories with
> execute permissions set.  I have all my customers' sites running as virtual
> webs and have restricted the default server to just "localhost". The logs
> are growing with the rejection messages but I have relocated them to
> another drive where it won't hurt if it does fill up. Fingers crossed.
> 
> Cheers
> 
> Rob.
> 
> 
> At 20:20 18/09/01 -0400, you wrote:
> >On Tue, Sep 18, 2001 at 04:17:58PM -0500,
> >Eric_Stanfield@kenokozie.com thus sprach:
> >
> >> I find it interesting that everyone I've talked to today has
> >> logged the initial nimda attack within 30 seconds of the time you
> >> listed below (after adjusting for timezones). 
> >
> >I've seen an acceleration of the attack this evening [EST].
> >
> >I've had log files just exploding in size.  They are growing at
> >well over 500 lines per minute.  We have a small company doing
> >specialized work and we have our own racks in a communications
> >facility.  The servers have 100Mbit uplinks into the OC-192
> >backbone so I'm not going to be limited by pipe width, which also
> >means that I can't get faster too.
> >
> >I've just turned off all logging for web traffic as I didn't want
> >to have the systems fall over for lack of drive space.
> >
> >Just a reminder here to check your log files to make sure something
> >like this doesn't happen to you. 
> >
> >Just a file guess but here the nimda traffic is probably about 5
> >times more than the highest CodeRed days.   I'm sure glad I have NO
> >MS machines that I maintain but a client has two in our racks and I
> >called them about 1030 this AM.  I wish them luck.
> >
> >
> >-- 
> >Bill Vermillion -   bv @ wjv . com
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-isp" in the body of the message
> >
> >
> 
> 
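
The thread disagrees on whether the worm traffic only arrives addressed to the server's IP or also reaches named virtual hosts, and mentions logs growing at over 500 lines per minute. The following is an added example, not part of the original messages, that measures both from an access log. It assumes a log layout in which the request's Host header is the first field, followed by common log format; the sample lines and the host name are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed layout (not from the thread): Host header, then common log format.
LINE_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[^"]*" \d{3} \S+$')

def host_is_ip_literal(host):
    """True when the Host header is an address (or absent, logged as '-')."""
    if host == "-":
        return True
    if host.startswith("["):        # bracketed IPv6, optional :port
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:      # name or IPv4 with :port
        host = host.rsplit(":", 1)[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def summarize(lines, per_minute_limit=500):
    """Split requests into by-IP and by-name; list minutes over the limit."""
    kinds, per_minute, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1            # unparseable line: count it, do not guess
            continue
        kinds["by_ip" if host_is_ip_literal(m["host"]) else "by_name"] += 1
        # Drop the seconds and zone: "18/Sep/2001:20:31:05 -0400" -> minute key
        per_minute[m["ts"].rsplit(":", 1)[0]] += 1
    busy = [k for k, n in per_minute.items() if n > per_minute_limit]
    return {"by_ip": kinds["by_ip"], "by_name": kinds["by_name"],
            "skipped": skipped, "busy_minutes": busy}

# Constructed sample lines: documentation addresses, hypothetical host name.
SAMPLE = [
    '192.0.2.10 198.51.100.7 - - [18/Sep/2001:20:31:05 -0400] "GET / HTTP/1.0" 404 210',
    '192.0.2.10:80 198.51.100.8 - - [18/Sep/2001:20:31:40 -0400] "GET / HTTP/1.0" 404 210',
    'www.customer.example 203.0.113.5 - - [18/Sep/2001:20:31:59 -0400] "GET /index.html HTTP/1.1" 200 5120',
    '- 198.51.100.9 - - [18/Sep/2001:20:32:01 -0400] "GET / HTTP/1.0" 404 210',
    'garbage line',
]

if __name__ == "__main__":
    print(summarize(SAMPLE, per_minute_limit=2))
```

A high `by_name` count alongside the junk would match the reply's observation that virtual hosts are being hit too; a high `by_ip` count with little else matches the quoted one.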
