On Wednesday 13 March 2002 00.46, James Bliss wrote:
This is the Code Red / Nimda attack signatures. You can just ignore them since you are not at risk. I know, they really clutter up the logs though.
I do not think there is a way to keep them out of the log, on the security list they went around on this and I do not remember any specific resolution which would keep them out of the log files. (anyone know of a way to avoid logging these entries?)
This is included in SuSE's official 2.4.16 kernel. Don't know about 2.4.10 iptables -I INPUT -j DROP -m string -p tcp -s 0.0.0.0/0 --dport 80 --string "default.ida" (Adjust the string to suit other virus patterns). This will drop the attempt at the firewall level, before it ever gets to your apache. //Anders