Odd Apache Log Entry... Code red?
Steven L. Brendtro
sbrendtro at home.com
Thu Aug  9 03:48:31 CDT 2001

Hello all,
After browsing my apache logs for a development box, I found SEVERAL Code
Red requests "GET default.ida?...".  I moved my port from 80 to 8081 so I
won't get flooded all the time.
Now how about this one... there are several log entries that start with:
	"GET /scripts/..%c1%9c../winnt/system32/cmd.exe... - 404"
followed by several hundred lines of binary-looking garbage:
	";øvFÈNÈ+ÁE"
I read somewhere that the cmd.exe is part of Code Red's attack.  Does anyone
know what exactly is all the binary garbage I am getting in my log files?
Thanks,
Steve B.
PS I will be glad when Code Red is gone and we can talk about Linux on
Mainframes again :)
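
Added example, not part of the original post: a small Python scan that flags the two request shapes described above in an Apache access log, and shows that `%c1%9c` is a two-byte overlong UTF-8 form that a lax decoder maps to a backslash. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from urllib.parse import unquote_to_bytes

# Request line inside an Apache access-log entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+)')

def overlong_ascii(target):
    """Return ASCII characters hidden as 2-byte overlong UTF-8 in target."""
    # Lead bytes 0xC0 and 0xC1 can only encode code points below 0x80,
    # which strict UTF-8 forbids; a lax decoder turns them back into ASCII.
    raw = unquote_to_bytes(target)
    hidden = []
    for lead, cont in zip(raw, raw[1:]):
        if lead in (0xC0, 0xC1) and 0x80 <= cont <= 0xBF:
            hidden.append(chr(((lead & 0x1F) << 6) | (cont & 0x3F)))
    return hidden

def classify(line):
    """Label one access-log line, or return None if nothing matches."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = m.group(1)
    path = target.split("?", 1)[0].lower()
    if path.endswith("default.ida"):
        return "default.ida request"
    if any(c in "/\\" for c in overlong_ascii(target)):
        return "overlong-encoded path separator"
    return None

# Constructed sample lines (addresses from the 192.0.2.0/24 documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Aug/2001:03:10:02 -0500] "GET /default.ida?NNNN HTTP/1.0" 404 205',
    '192.0.2.44 - - [09/Aug/2001:03:12:40 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe HTTP/1.0" 404 230',
    '192.0.2.7 - - [09/Aug/2001:03:15:00 -0500] "GET /index.html HTTP/1.0" 200 1043',
]

def scan(lines):
    """Return (source address, label) for every line that matches."""
    hits = []
    for line in lines:
        label = classify(line)
        if label:
            hits.append((line.split()[0], label))
    return hits

if __name__ == "__main__":
    for src, label in scan(SAMPLE_LOG):
        print(src, label)
```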