On Saturday 15 March 2003 05:42, Ahbaid Gaffoor wrote:
Does anyone have any idea as to what this is? Is it dangerous? How do I protect my site against it?
Thanks,
Ahbaid.
Entry begins: ------------- 12.207.13.41 - - [11/Mar/2003:18:08:40 -0600] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7 801%u90 -------------- Entry Ends
I forget if this is Code Red or Nimda, but it's one of the two. It's only dangerous if you're running an (unpatched) IIS server. The worst that happens to your apache server is that your logs could grow large.