Date: Thu, 15 Nov 2001 23:41:54 -0500 From: Louis LeBlanc <leblanc+freebsd@keyslapper.org> To: fbsd <freebsd-questions@FreeBSD.ORG>, freebsd-questions@FreeBSD.ORG Subject: Re: Is this an attack guys???Help! Message-ID: <20011116044153.GB53683@keyslapper.org> In-Reply-To: <009c01c16e4a$4f65ee40$6600000a@ach.domain> References: <20011116024710.22642.qmail@web12005.mail.yahoo.com> <009c01c16e4a$4f65ee40$6600000a@ach.domain>
next in thread | previous in thread | raw e-mail | index | archive | help
--jq0ap7NbKX2Kqbes Content-Type: text/plain; charset=unknown-8bit Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 11/15/01 09:56 PM, Andrew C. Hornback sat at the `puter and typed: > > -----Original Message----- > > From: owner-freebsd-questions@FreeBSD.ORG > > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Keith Spencer > > Sent: Thursday, November 15, 2001 9:47 PM > > To: fbsd > > Subject: Is this an attack guys???Help! > > > > Hi all, > > This is an Apache error log snippet. > > My server is infact FreeBSD 4.4 > > I often find these page request errors from the same > > address or one of the same C-class space. > > IT looks lke an attack to me...What thinks you? > > Thanks Keith > > +++++++++++++++++++++++++++++++++++ >=20 > [log snipped] >=20 > You're being attacked by the Nimda/Code Red series of virii. Biggest > things you've got to worry about are filling up your log files with this > crap and filling up your pipe to the rest of the world. As far as I know, > you're in no danger of actually being compromised by this. >=20 Exactly. Your system is not at any security risk from these attacks, and you can get around the over bloated log files. I have some info on that up on http://www.keyslapper.org/Nimda/ You can even install a handler to report the infected systems to SecurityFocus and the sources' abuse authorities. Same page. Installing this handler will even reduce the error log file size by making these bogus URLs match (most of them, anyway) rather than generating an error. HTH Lou --=20 Louis LeBlanc leblanc@keyslapper.org Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://www.keyslapper.org =D4=BF=D4=AC Pudder's Law: Anything that begins well will end badly. (Note: The converse of Pudder's law is not true.) --jq0ap7NbKX2Kqbes Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE79JkReAPWYrNkRWIRAiy0AJ4xjnaVgEQV7YZ2/JJz6nq9GNo12gCfUjti 4v9vwDBNHjTuVo6GNtrksro= =4uwe -----END PGP SIGNATURE----- --jq0ap7NbKX2Kqbes-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011116044153.GB53683>