httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <>
Subject RE: Apache\s Error log entry
Date Thu, 27 Jun 2002 08:22:37 GMT
> From: Tariq Dalvi []
> Hello 
> I would like to know what this visiter is trying to as this errors are two to
> three times a day, following entry I always find in error log.
> - - [24/Jun/2002:06:41:54 +0530] "GET /scripts/..%%35%63
> #../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 294

This is Code Red - a MS IIS worm. The remote machine is a web-server which is infected by
the worm and which is scanning the internet trying to infect other machines. It doesn't do
anything (except cause a 400 error) in an apache server. If you really want to, you could
track down the sys-admin for the remote site and tell him his server is infected.


Owen Boyle

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message