Hi,
From: Patrick Shanahan [mailto:WideGlide@MyRealBox.com]
[big snip]
No, I agree. I do not believe he is *skilled* "computer wise" at all. I have had my web-site up since just before New Years and it is only advertised in my sig so it is probably someone who has read one of the mail lists I have responded to and stored my address. He first hit me 11 Mar and to date I have logged 1333 access attempts in httpd/access_log.
Nimda, Code Red and the like are generating IP addresses and probing for port 80. It's not an aimed attack against you. I also run a webserver (actually some more, but only one reachable from the internet) - it's the same here. There are still many Nimda, Code Red I and II probes. I wouldn't worry too much since they don't hurt me. It's just a bit nasty for the logfiles. I filter the messages with Apache, so they don't get logged in the error_log.
I am also amazed that RoadRunner is not more interested/concerned due to the added bandwidth considerations and imminent danger of multiplication thereof.
Which ISP is?
Of 22,000 lines in httpd/access_log, ~13,500 are *probably* virus access attempts. That is appalling. This traffic approaches or exceeds the weight of spam traffic.
Yes, agreed. Although HTTP requests and error responses shouldn't take too much of your bandwidth. Just the logfile grows a bit too fast. I don't know if it's still available, but there was a tar-pit for Nimda and Code Red available for Linux, slowing the worm down (although it will not help you in your current situation). Maybe Google will help you there.

regards,
Stefan
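
Added example, not part of the original message: a small Python triage script that separates Code Red and Nimda probes from real traffic in an Apache access_log, the kind of count quoted in the thread. The request signatures are the well-known probe URLs of these worms; the sample lines, timestamps and addresses are constructed.

```python
import re
from collections import Counter

# Well-known request signatures of the worms named in the thread.
SIGNATURES = [
    ("Code Red I", re.compile(r"^/default\.ida\?N{20,}")),
    ("Code Red II", re.compile(r"^/default\.ida\?X{20,}")),
    ("Nimda", re.compile(r"(?:cmd|root)\.exe(?:\?|$)", re.I)),
]
# Apache common/combined format: host ident user [time] "METHOD path ..." status
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" \d{3} ')

def classify(line):
    """(ip, worm) for a probe, (ip, None) for other traffic, None if unparseable."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    ip, path = m.groups()
    for name, pattern in SIGNATURES:
        if pattern.search(path):
            return ip, name
    return ip, None

def summarize(lines):
    """Count probes per worm and per source, plus normal and unparseable lines."""
    per_worm, per_source = Counter(), Counter()
    other = unparsed = 0
    for line in lines:
        result = classify(line)
        if result is None:
            unparsed += 1          # e.g. timed-out connections logged as "-"
        elif result[1] is None:
            other += 1             # ordinary traffic
        else:
            per_source[result[0]] += 1
            per_worm[result[1]] += 1
    return {"per_worm": per_worm, "per_source": per_source,
            "other": other, "unparsed": unparsed}

# Constructed sample lines; addresses are from the documentation ranges.
TS = "[01/Jan/2002:04:12:01 -0500]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "GET /default.ida?{"N" * 224} HTTP/1.0" 404 276',
    f'198.51.100.7 - - {TS} "GET /default.ida?{"X" * 224} HTTP/1.0" 404 276',
    f'203.0.113.5 - - {TS} "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 270',
    f'203.0.113.5 - - {TS} "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284',
    f'192.0.2.99 - - {TS} "GET /index.html HTTP/1.1" 200 5120',
    f'192.0.2.99 - - {TS} "-" 408 -',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

To run it against a real log, pass the open file object to `summarize()` in place of `SAMPLE`.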