httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: Apache\s Error log entry
Date Thu, 27 Jun 2002 08:22:37 GMT
> From: Tariq Dalvi [mailto:tariq@sitesdesigners.com]
> 
> Hello 
> I would like to know what this visiter is trying to as this errors are two to
> three times a day, following entry I always find in error log.
>
> 202.99.223.118 - - [24/Jun/2002:06:41:54 +0530] "GET /scripts/..%%35%63
> #../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 294

This is Code Red - a MS IIS worm. The remote machine is a web-server which is infected by
the worm and which is scanning the internet trying to infect other machines. It doesn't do
anything (except cause a 400 error) in an apache server. If you really want to, you could
track down the sys-admin for the remote site and tell him his server is infected.

http://www.eeye.com/html/Research/Papers/DS20010802.html

Rgds,

Owen Boyle

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message