[Gllug] Attempted attack on apache
Andrew Halliwell
ah at gnd.com
Fri Nov 8 10:04:11 UTC 2002
> This is from a server log this morning. I assume this is an attempted
> attack. Our server is patched up to date and I see no signs of any problem.
> Am i reight to be assured?
>
> pool0047.cvx14-bradley.dialup.earthlink.net - - [08/Nov/2002:05:24:21 +0000]
> "GET
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
> u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> HTTP/1.0" 400 323 "-" "-"
Looks like codered or nimda to me. One of those stupid morons running IIS
without applying the required patches, no doubt.
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list