Mailinglist Archive: opensuse (4053 mails)

Re: [SLE] code red question....
I've got the same sort of logs on my sys. I have disabled forwarding. What,
if anything, should I shut down?

Cheers, Curtis

On Tuesday 07 August 2001 11:19, Anders Johansson wrote:
> On Tuesday 07 August 2001 12:53, Jim Hatridge wrote:
> > Hi all..
> >
> > After all this talk about code red, I looked at my access_log and found
> > this stuff. Is this the code red attack? If so, do I need to worry about
> > it? I'm running a "plain jane" install of SuSE 7.1 on my internet
> > machine. I am on a 56k dialup and only on the net about 30 minutes per
> > day. Also the first line (127.---) is that my localhost?
> >
> >
> > TIA
> >
> >
> > JIM
> >
> > *************************************************************************
> >
> > 127.0.0.1 - - [09/Apr/2001:11:43:57 +0200] "GET /robots.txt HTTP/1.0" 200
> > 231
>
> 127.0.0.1 is localhost, yes, so this is some program on your machine trying
> to see if you have robots.txt - a file that tells web spiders your 'spider
> policy'. In this file you can put web directories you don't want indexing
> agents and other web crawling agents to touch.
>
> > 194.158.105.5 - - [22/Apr/2001:16:14:55 +0200] "GET http://www.amd.com/
> > HTTP/1.0" 200 4676
>
> This looks like someone trying to use your comp as a proxy.
>
> The rest are code red, but as has been pointed out, only IIS users need
> worry about it.
>
> > 24.139.0.245 - - [22/Jul/2001:12:40:53 +0200] "GET
> > /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >NN
> > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >NNN
> > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >NNN
> > NNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
> >bd3
> > %u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> > HTTP/1.0" 400 319
> >
> > 212.84.163.91 - - [01/Aug/2001:21:18:55 +0200] "GET
> > /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >NN
> > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >NNN
> > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >NNN
> > NNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
> >bd3
> > %u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> > HTTP/1.0" 400 319
> >
> > 202.105.119.98 - - [04/Aug/2001:14:59:04 +0200] "GET
> > /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >NN
> > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >NNN
> > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >NNN
> > NNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
> >bd3
> > %u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> > HTTP/1.0" 400 319
> >
> > 213.168.222.197 - - [04/Aug/2001:19:54:47 +0200] "GET
> > /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> >XX
> > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> >XXX
> > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> >XXX
> > XXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
> >bd3
> > %u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> > HTTP/1.0" 404 272
> >
> > 211.222.31.2 - - [04/Aug/2001:20:10:21 +0200] "GET
> > /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >NN
> > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >NNN
> > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >NNN
> > NNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
> >bd3
> > %u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> > HTTP/1.0" 400 319
> >
> > *********************************************************************
>
> regards
> Anders
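
Added example, not part of the original thread: a small Python triage script that sorts access_log lines into the three kinds of entry discussed above (localhost requests, absolute-URL proxy probes, and Code Red /default.ida requests). The sample lines are constructed from the pattern in the quoted log, using documentation IP addresses and a shortened payload; the label names and function names are this example's own.

```python
import re
from collections import Counter

# Apache common log format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')
# Code Red request shape seen in the thread: /default.ida? followed by a long
# run of one filler letter (N or X) and then %uXXXX-encoded words.
CODE_RED = re.compile(r'^/default\.ida\?([A-Za-z])\1{20,}.*%u[0-9a-fA-F]{4}')
ABSOLUTE_URL = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)

def classify(line):
    """Return (host, status, label) for one log line, or None if unparsable."""
    m = CLF.match(line.strip())
    if not m:
        return None
    host, _when, request, status, _size = m.groups()
    parts = request.split(" ")
    target = parts[1] if len(parts) > 1 else ""
    if CODE_RED.match(target):
        label = "code-red-probe"
    elif ABSOLUTE_URL.match(target) or parts[0] == "CONNECT":
        # A 2xx status here does not by itself prove the request was relayed;
        # it is a prompt to check whether proxying is enabled on the server.
        label = "proxy-probe"
    elif host == "127.0.0.1":
        label = "localhost"
    else:
        label = "other"
    return host, int(status), label

def summarize(lines):
    """Count log lines per label; unparsable lines are counted as 'unparsed'."""
    counts = Counter()
    for line in lines:
        result = classify(line)
        counts[result[2] if result else "unparsed"] += 1
    return dict(counts)

# Constructed sample lines (documentation addresses, shortened payload).
TAIL = '%u9090%u6858%ucbd3%u7801 HTTP/1.0" '
SAMPLE = [
    '127.0.0.1 - - [09/Apr/2001:11:43:57 +0200] "GET /robots.txt HTTP/1.0" 200 231',
    '192.0.2.10 - - [22/Apr/2001:16:14:55 +0200] "GET http://www.example.com/ HTTP/1.0" 200 4676',
    '198.51.100.7 - - [22/Jul/2001:12:40:53 +0200] "GET /default.ida?' + "N" * 224 + TAIL + '400 319',
    '198.51.100.9 - - [04/Aug/2001:19:54:47 +0200] "GET /default.ida?' + "X" * 224 + TAIL + '404 272',
    '203.0.113.5 - - [05/Aug/2001:10:00:00 +0200] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The 400 and 404 statuses on the /default.ida lines show the server rejecting or not finding the request, which matches the point above that the requests target IIS.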
