[On 02 Aug, 2001, Curt Howland wrote in " RE: apache log entry "]
>
> Yep, you've been asleep, or lucky. This is the Code Red virus.
>
> What are you running? I run Boa 0.92 and it doesn't even skip a beat with
> this "code red" idiocy.
>
I'm running Apache/1.3.9 (Unix) Debian/GNU. It just handels the request
like 'bad request'. So it doesn't seem to bother.
I knew about the virus but didn't gave it much attention, so I did not
knew what to expect in my logs.... now I know.
thx
> Curt-
>
> -----Original Message-----
> From: Wouter van Gils [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 02, 2001 15:27
> To: debian-security@lists.debian.org
> Subject: apache log entry
>
>
> Hi, today I came say a lot of these:
>
> tnt-7-28.easynet.co.uk - - [01/Aug/2001:21:59:02 +0200] "GET
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNN%u9090%u6858%ucbd3%u780
> 1%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0
> 003%u8b00%u531b%u53ff%u0078%u00
> 00%u00=a HTTP/1.0" 404 205
>
>
> is my apache logs from several ip's. Anyone have an idea of what they are.
> I've got about
> 20 of them. Is this 'Code Red' stuff ?
>
>
>
> grt Wouter
>
>
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Wouter van Gils -=- [EMAIL PROTECTED]
> http://the-construct.cx/
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wouter van Gils -=- [EMAIL PROTECTED]
http://the-construct.cx/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
