sinatosk Posted March 14, 2003 Share Posted March 14, 2003 every now and then i look in my access.log file and i see that there is crap in access.log files.... i don't know if ppl trying to perform scripts on my comp or something... but they keep performing this on my comp... I don't know if it's working or not tho... i kinda blocked it but not fully 81.103.74.212 - - [14/Mar/2003:03:30:20 +0000]"GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090% u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 301 701 it's all in one line can anyone tell me wha it is and how to block it totally? Link to comment Share on other sites More sharing options...
MxxCon Posted March 14, 2003 Share Posted March 14, 2003 that's codered worm/virus :) make sure your server is up to date and secured.. Link to comment Share on other sites More sharing options...
sinatosk Posted March 14, 2003 Author Share Posted March 14, 2003 well am using Apache 1.3.27 with PHP 4.3.1 module and Windows XP SP1... but how would i block it totally? Link to comment Share on other sites More sharing options...
MxxCon Posted March 14, 2003 Share Posted March 14, 2003 do you use /default.ida ? if not remove it.. Link to comment Share on other sites More sharing options...
sinatosk Posted March 14, 2003 Author Share Posted March 14, 2003 (edited) ...... why can't i edit my own post??? anyway in my httpd.conf i put this RedirectPermanent /default.ida/ "http://www.go_away.com/"RedirectPermanent /default.ida "http://www.go_away.com/" it's the only thing i could think of at the moment :blink: :huh: EDIT : i got no file on ma web directory called "default.ida" Edited March 14, 2003 by zionath Link to comment Share on other sites More sharing options...
Tim Dorr Veteran Posted March 14, 2003 Veteran Share Posted March 14, 2003 don't worry. that's an attack directed specifically at IIIS on Windows. Since you're using apache, you haev nothing to worry about. Don't even worry about the redirects. They're doing nothing for you, cause the accesslogs will still log the redirect too. I'd actually see if you can figure out who the person sending the requests is, so you can inform them of their infectinon. Link to comment Share on other sites More sharing options...
sinatosk Posted March 14, 2003 Author Share Posted March 14, 2003 ok thx's for the info :) Link to comment Share on other sites More sharing options...
Recommended Posts