httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ven <>
Subject [users@httpd] Disturbing: speed of Probing by IIS webservers (nimda?)
Date Tue, 03 Sep 2002 14:24:51 GMT
hi all,

After last week's fight with my webserver and finally getting it good to go due
to simple upgrade of my router firmware (bangs head against wall), I am finding
some disturbing trends in the accesslog.

Every time I start the server, I get those hits of the type of "GET ....
cmd.exe" - which, after a bit of searching the web, I understood to be
nimda/code red infected IIS webservers.

That doesn't really bother me since everyone says apache is unaffected. What
DOES bother me is how it found me: no one knows I have a webserver. Thus far it
is a  personal webserver for no other use than to learn. So you couldn't just
"happen" to come across the website since nothing really knows or links to it.
So how is this IIS webserver or whatever it is getting to know that my http
port is open? because within 2-15 minutes of starting the webserver, I get hits
for a cmd.exe from one of these infected servers.
How in the world did it know I was online??
Is it because I already have something (virus?) that is breaching the security
and letting this server know of my ip-address whereabouts?
I have zonealarm on the windows side and my router will not respond to any WAN
requests (pings etc don't get a response).
Whatever it is that tries to get at the cmd.exe on my computer is pretty
impressive if the response time is that quick on a "blind" probing.

Any ideas/thoughts?


Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message