[oclug] httpd logs
borg at mondenet.com
Sun Aug 5 12:03:07 EDT 2001
Ahhh... so that is the signature that code red attempts leave in the logs...
interesting. I have read a several articles on it but have never seen
"evidence" before. Thanks :-)
PS - I always have run apache as I have always enjoyed the virtualhost
abilities over IIS. Not too mention the constent security nighmares of IIS.
Just a quick peak around and I found about ten hosts susceptible to
hexadecimal code exploits... YIKES!
> > GET /default.ida?NNNNNNNNNNNNNNNNNN
> > GET /default.ida?XXXXXXXXXXXXXXXXXX
> Typical of the "Code Red" exploit. It only affects IIS.
> oclug mailing list
> oclug at lists.oclug.on.ca
More information about the OCLUG