[APACHE] - unknown stuff in my access.log


Question

sinatosk

every now and then i look in my access.log file and i see that there is crap in access.log files.... i don't know if ppl trying to perform scripts on my comp or something... but they keep performing this on my comp... I don't know if it's working or not tho... i kinda blocked it but not fully

81.103.74.212 - - [14/Mar/2003:03:30:20 +0000]"GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%

u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 301 701

it's all in one line

can anyone tell me what it is and how to block it totally?

6 answers to this question

MxxCon

that's codered worm/virus :)

make sure your server is up to date and secured..

sinatosk

well am using Apache 1.3.27 with PHP 4.3.1 module and Windows XP SP1... but how would i block it totally?

MxxCon

do you use /default.ida ?

if not remove it..

sinatosk

...... why can't i edit my own post???

anyway

in my httpd.conf i put this

RedirectPermanent  /default.ida/  "http://www.go_away.com/"

RedirectPermanent  /default.ida  "http://www.go_away.com/"

it's the only thing i could think of at the moment :blink: :huh:

EDIT : i got no file on ma web directory called "default.ida"

Edited by zionath
Tim Dorr

don't worry. that's an attack directed specifically at IIS on Windows. Since you're using apache, you have nothing to worry about. Don't even worry about the redirects. They're doing nothing for you, cause the access logs will still log the redirect too.

I'd actually see if you can figure out who the person sending the requests is, so you can inform them of their infection.

sinatosk

ok thx's for the info :)
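
Added example, not part of the original thread: a small Python log check that picks out requests shaped like the one posted above and groups them by client address, which is the information needed to follow the suggestion of working out who is sending them. The pattern is a heuristic assumed from the posted line, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format. \s* after "]" tolerates the missing space in the posted line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]\s*'
    r'"(?P<method>[A-Z]+) (?P<target>\S+)\s+(?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)')

# Heuristic (assumption): /default.ida? + 100 or more of one repeated filler
# letter + at least one %uXXXX escape, the shape of the request in the post.
PROBE_RE = re.compile(r'^/default\.ida\?([A-Za-z])\1{99,}(?:%u[0-9a-f]{4})+', re.I)

def summarize_probes(lines):
    """Return {client_ip: {"count", "first", "last", "statuses"}} for probe hits."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                "statuses": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not PROBE_RE.match(m["target"]):
            continue  # unparsable line or ordinary request
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        h = hits[m["ip"]]
        h["count"] += 1
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["statuses"].add(int(m["status"]))  # what the server answered
    return dict(hits)

# Constructed sample lines (documentation IP ranges, shortened escape run).
FILL = "X" * 224
SAMPLE = [
    f'192.0.2.10 - - [14/Mar/2003:03:30:20 +0000]"GET /default.ida?{FILL}'
    '%u9090%u6858%ucbd3%u7801%u00=a  HTTP/1.0" 301 701',
    '198.51.100.7 - - [14/Mar/2003:03:31:02 +0000] "GET /index.php HTTP/1.1" 200 5120',
    f'192.0.2.10 - - [14/Mar/2003:09:12:44 +0000] "GET /default.ida?{FILL}'
    '%u9090%u6858%u00=a HTTP/1.0" 404 289',
    '203.0.113.5 - - [15/Mar/2003:01:00:00 +0000] "GET /default.ida HTTP/1.0" 404 289',
]

if __name__ == "__main__":
    for ip, h in summarize_probes(SAMPLE).items():
        print(ip, h["count"], h["first"].isoformat(), h["last"].isoformat(),
              sorted(h["statuses"]))
```

The recorded status codes show how the server answered each probe: 301 is the reply produced by the RedirectPermanent lines quoted earlier, and without them the same request would be logged with a 404.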
