Thank you Anders. Hooray, I use Apache on SuSE :) I added the following entry to my Apache config to ignore it, I found this aftre digging on google a bit... And yes thank you, it was Code Red... SetEnvIfNoCase Request_URI "^/default.ida" nolog Redirect gone /default.ida Anders Johansson wrote:
On Saturday 15 March 2003 05:42, Ahbaid Gaffoor wrote:
Does anyone have any idea as to what this is? Is it dangerous? How do I protect my site against it?
Thanks,
Ahbaid.
Entry begins: ------------- 12.207.13.41 - - [11/Mar/2003:18:08:40 -0600] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7 801%u90 -------------- Entry Ends
I forget if this is Code Red or Nimda, but it's one of the two. It's only dangerous if you're running an (unpatched) IIS server. The worst that happens to your apache server is that your logs could grow large.