Hi,

I wonder about one thing - I tried to open a lot of infected machines on port 80 but there is no web server at all - the connection was refused, why is that?

Sincerely, Dmitriy Melihov

On Tue, 7 Aug 2001 13:47:05 +0200 Martin Leweling <lewelin@uni-muenster.de> wrote:
Hi,
On Tuesday 07 August 2001 11:44, christian.burri@synecta.ch wrote:
We set up a crontab on our webserver machine, similar to "cat httpd.access_log | grep default.ida > ida_fools.txt"; it's been up since Aug 2, 2001 and the output file's got quite some lines in it: ...

Cheers :) Chr. Burri
Other than merely collecting, you can do better things with these log entries, e.g.

    grep 'default.ida' httpd.access_log | mail -s 'APACHE' redalert@dshield.org

(see www.dshield.org/codered.html).
They collect Code Red logs and notify domain admins of infected machines.
If you don't know what to do with your firewall, portsentry or whatever log files, www.dshield.org is a good address to send them to. Don't forget to read the "How to submit reports" section, though.
Regards, Martin
Martin Leweling Institut fuer Planetologie, WWU Muenster Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany
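An added example, not part of the original thread: instead of keeping every matching line, the `default.ida` hits can be reduced to one row per source address with a hit count and first/last timestamps. It assumes the access log is in Apache Common Log Format; the function names `codered_summary` and `sample_log` and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise Code Red probes in an Apache access log (Common Log Format).
# Output columns (tab separated): source IP, hits, first seen, last seen,
# padding character. Reads the files given as arguments, or stdin if none.
codered_summary() {
    awk '
    # In Common Log Format, field 7 is the request path.
    $7 ~ /^\/default\.ida\?/ {
        ip  = $1
        ts  = substr($4, 2)        # timestamp without the leading "["
        pad = substr($7, 14, 1)    # first character after "/default.ida?"
        if (!(ip in hits)) { first[ip] = ts; order[++n] = ip }
        hits[ip]++
        last[ip] = ts
        # Original Code Red requests are padded with N, Code Red II with X.
        kind[ip] = pad
    }
    END {
        for (i = 1; i <= n; i++) {
            ip = order[i]
            printf "%s\t%d\t%s\t%s\t%s\n", ip, hits[ip], first[ip], last[ip], kind[ip]
        }
    }' "$@"
}

# Constructed sample lines (documentation address ranges, padding shortened).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [02/Aug/2001:04:11:09 +0200] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 276
203.0.113.5 - - [02/Aug/2001:09:30:00 +0200] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [05/Aug/2001:12:02:51 +0200] "GET /default.ida?XXXXXXXXXXXX HTTP/1.0" 404 276
192.0.2.10 - - [03/Aug/2001:17:40:02 +0200] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 276
EOF
}

sample_log | codered_summary
```

With a real log, call it as `codered_summary httpd.access_log`.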