Mailinglist Archive: opensuse-security (359 mails)

< Previous Next >
RE: [suse-security] HTTP Strange LOG
  • From: "POULINGUE Cyril FTRD/SVA/LAN" <cyril.poulingue@xxxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 10 Jul 2003 10:58:20 +0200
  • Message-id: <3147378CA741B546B7DFFBA3070D2E2B07E8A8@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
hi,
this is a typical code-red worm attack trying to exploit a buffer oberflow but youu don't have to worry about this.
this worm only targets microsoft IIS web servers

Cyril

-----Message d'origine-----
De : cydonia@xxxxxxxxxx [mailto:cydonia@xxxxxxxxxx]
Envoyé : jeudi 10 juillet 2003 10:54
À : suse-security@xxxxxxxx
Objet : [suse-security] HTTP Strange LOG


Dear List,

I have this strange logs in my APache Web server,

202.159.151.106 - - [10/Jul/2003:14:53:15 +0700] "GET /default.ida?XXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u909
0%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%
u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 271 "-" "-"

Is My WEb server attacked ? If it is, How should i configure my Apache?




Best Regards,


Kheli

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here


< Previous Next >
Follow Ups