Date: Sat, 21 Jul 2001 14:21:53 -0700 From: faSty <fasty@i-sphere.com> To: nathan@salvation.unixgeeks.com Cc: freebsd-security@freebsd.org Subject: Re: possible? Message-ID: <20010721142152.A61045@i-sphere.com> In-Reply-To: <20010721204942.12010.qmail@salvation.unixgeeks.com>; from nathan@salvation.unixgeeks.com on Sat, Jul 21, 2001 at 08:49:42PM -0000 References: <20010721204942.12010.qmail@salvation.unixgeeks.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I got that same like 10 times so far. nothing do with apache's expliot. It just basically for IIS expliot called Red worm virus. You might want check www.cnn.com or any security website talk about red worm alert. -trev On Sat, Jul 21, 2001 at 08:49:42PM -0000, nathan@salvation.unixgeeks.com wrote: > > okay, today i checked my apache logs this is what i got: > > 195.10.116.2 - - [19/Jul/2001:15:50:20 -0700] "GET /default.ida?NNNNNNNNNNNNNNNN > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u > 6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u53 > 1b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 332 > > this same exact get request came from several different address as well. such > as: 128.138.105.172, 202.157.154.126, and a couple of others. any ideas? any > remote exploits in apache i've missed? i'm running Apache/1.3.19 Server.. > > thanks in advance, > nathan. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- "Reality is that which, when you stop believing in it, doesn't go away". -- Philip K. Dick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010721142152.A61045>