Thanks for all the replies, most agreed that the three lines below indicate Nimda/Code Red worms/virus, whatever, but mainly affecting Windows running IIS. No need to worry if running Solaris/Apache, just pay attention to the log file not being too full.

- Mike

---------- original message ----------

My access log for Apache is full of the three lines below, is someone attempting to hack my web server thinking it's a Windows machine??? Solaris running Apache...

x.x.x.x - - [13/Apr/2003:21:14:23 -0500] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 164
x.x.x.x - - [13/Apr/2003:22:38:34 -0500] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 -
x.x.x.x - - [13/Apr/2003:22:39:24 -0500] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 -

Thanks.

- Mike
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Wed Apr 16 13:10:59 2003
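
An added example, not part of the original post: a small Python triage script that tags the two request shapes quoted above in an Apache access log, counts them by status, and lists any that did not return 404. The signature labels, the 192.0.2.x addresses, the shortened payload and the 200-status line are constructed for illustration.

```python
import re
from collections import Counter

# Apache common log format. The protocol token is optional because the
# cmd.exe requests quoted in the message were logged without one.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>.*?)(?: HTTP/\d\.\d)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Labels are this example's own; patterns follow the request shapes on the page.
SIGNATURES = [
    # /default.ida? + long run of one filler character + %uXXXX-encoded data
    ("ida-overflow", re.compile(r'^/default\.ida\?(.)\1{50,}.*%u[0-9a-f]{4}', re.I)),
    # "..", a (possibly repeatedly) percent-encoded backslash, then cmd.exe?/c+
    ("cmd-traversal", re.compile(r'\.\.%(?:25)*5c.*cmd\.exe\?/c\+', re.I)),
]

def classify(line):
    """Return (host, status, label) for one log line, or None if unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    label = next((n for n, rx in SIGNATURES if rx.search(m["uri"])), "other")
    return m["host"], int(m["status"]), label

def summarize(lines):
    """Count probes per (label, status); collect non-404 hits for review."""
    counts, review = Counter(), []
    for rec in filter(None, map(classify, lines)):
        host, status, label = rec
        if label == "other":
            continue
        counts[(label, status)] += 1
        if status != 404:  # the server answered with something other than Not Found
            review.append(rec)
    return counts, review

# Constructed sample lines (documentation addresses, shortened payload).
SAMPLE = [
    '192.0.2.10 - - [13/Apr/2003:21:14:23 -0500] "GET /default.ida?' + "X" * 224
    + '%u9090%u6858%ucbd3%u7801=a HTTP/1.0" 404 164',
    '192.0.2.11 - - [13/Apr/2003:22:38:34 -0500] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 -',
    '192.0.2.11 - - [13/Apr/2003:22:39:24 -0500] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 200 512',
    '192.0.2.12 - - [13/Apr/2003:22:40:00 -0500] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    counts, review = summarize(SAMPLE)
    for (label, status), n in sorted(counts.items()):
        print(f"{label:14} status={status} count={n}")
    print("needs review:", review)
```

On a Solaris/Apache host every tagged line should show status 404, as in the message; the per-label counts also show how much of the log volume these probes account for.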