[NTLUG:Discuss] Unusual httpd logs
rob
robert.apodaca at attbi.com
Thu Jun 13 17:01:51 CDT 2002
Hah! my apache logs are full of that same IP address.
If I'm not mistaken, the requests are from a windows machine that is running IIS
and is infected with the code red worm/virus. The requests are code red's way of
attempting to spread itself.
Check this slashdot article:
http://slashdot.org/article.pl?sid=01/08/05/1620220&mode=thread&tid=128
> ok i know i said unusual but its really not. what i'm looking for is a script
> i saw posted here for shutting down a remote machine that keeps filling my
> logs with the same GET request.
> <snip>
> [Wed Jun 12 11:09:30 2002] [error] [client 12.237.176.176] File does not
> exist: /html/scripts/root.exe
> [Wed Jun 12 11:09:30 2002] [error] [client 12.237.176.176] File does not
> exist: /html/MSADC/root.exe
> [Wed Jun 12 14:29:16 2002] [error] [client 12.237.176.176] File does not
> exist: /html/scripts/root.exe
> how can i stop this? i added this IP to hosts.deny but that didn't work and
> i'm not familiar at all with ipchains.
> TIA David
More information about the Discuss
mailing list