Odd Apache Log Entry... Code red?

Steven L. Brendtro sbrendtro at home.com
Thu Aug 9 03:48:31 CDT 2001


Hello all,

After browsing my Apache logs for a development box, I found SEVERAL Code
Red requests "GET default.ida?...".  I moved my port from 80 to 8081 so I
won't get flooded all the time.

Now how about this one... there are several log entries that start with:
	"GET /scripts/..%c1%9c../winnt/system32/cmd.exe... - 404"
followed by several hundred lines of binary-looking garbage:
	";øv‰FÈ‹NÈ+Á‰E"

I read somewhere that the cmd.exe is part of Code Red's attack.  Does anyone
know what exactly is all the binary garbage I am getting in my log files?

Thanks,
Steve B.

PS I will be glad when Code Red is gone and we can talk about Linux on
Mainframes again :)
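
The two request patterns quoted in the message above can be picked out of an access log mechanically. The following Python is an added example, not part of the original post; the log lines are constructed samples in Apache common log format and the function names are hypothetical. It percent-decodes each request target, folds overlong two-byte UTF-8 sequences (lead byte 0xC0 or 0xC1, as in `%c1%9c`, which encodes a backslash) back to ASCII, and labels what it finds.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample lines (documentation-range addresses, placeholder query string).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Aug/2001:03:10:02 -0500] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 205',
    '192.0.2.11 - - [09/Aug/2001:03:11:40 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe HTTP/1.0" 404 230',
    '192.0.2.12 - - [09/Aug/2001:03:12:05 -0500] "GET /index.html HTTP/1.0" 200 1042',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+)')


def decode_overlong(raw: bytes) -> bytes:
    """Fold overlong 2-byte UTF-8 (lead 0xC0/0xC1) into the ASCII byte it encodes."""
    out = bytearray()
    i = 0
    while i < len(raw):
        lead = raw[i]
        if lead in (0xC0, 0xC1) and i + 1 < len(raw) and 0x80 <= raw[i + 1] <= 0xBF:
            # Valid UTF-8 never uses these lead bytes; the result is always < 0x80.
            out.append(((lead & 0x1F) << 6) | (raw[i + 1] & 0x3F))
            i += 2
        else:
            out.append(lead)
            i += 1
    return bytes(out)


def classify(line: str) -> list:
    """Return labels for the request patterns found in one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    raw = unquote_to_bytes(match.group("target"))
    normalized = decode_overlong(raw)
    # Compare on the path only, with backslashes treated as separators.
    path = normalized.split(b"?", 1)[0].replace(b"\\", b"/").lower()
    findings = []
    if normalized != raw:
        findings.append("overlong-utf8")
    if b"/../" in path or path.endswith(b"/.."):
        findings.append("traversal")
    if path.endswith(b"/cmd.exe"):
        findings.append("cmd.exe")
    if path.endswith(b"default.ida"):
        findings.append("default.ida")
    return findings


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry), entry.split('"')[1])
```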