[APACHE] - uknown stuff in my access.log

[sinatosk]

every now and then i look in my access.log file and i see that there is crap in access.log files.... i don't know if ppl trying to perform scripts on my comp or something... but they keep performing this on my comp... I don't know if it's working or not tho... i kinda blocked it but not fully

81.103.74.212 - - [14/Mar/2003:03:30:20 +0000]"GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%

u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 301 701

it's all in one line

can anyone tell me wha it is and how to block it totally?

[MxxCon]

that's codered worm/virus :)

make sure your server is up to date and secured..

[sinatosk]

well am using Apache 1.3.27 with PHP 4.3.1 module and Windows XP SP1... but how would i block it totally?

[MxxCon]

do you use /default.ida ?

if not remove it..

[sinatosk]

...... why can't i edit my own post???

anyway

in my httpd.conf i put this

RedirectPermanent  /default.ida/  "http://www.go_away.com/"

RedirectPermanent  /default.ida  "http://www.go_away.com/"

it's the only thing i could think of at the moment :blink: :huh:

EDIT : i got no file on ma web directory called "default.ida"

Edited March 14, 2003 by zionath

[Tim Dorr Veteran]

don't worry. that's an attack directed specifically at IIIS on Windows. Since you're using apache, you haev nothing to worry about. Don't even worry about the redirects. They're doing nothing for you, cause the accesslogs will still log the redirect too.

I'd actually see if you can figure out who the person sending the requests is, so you can inform them of their infectinon.

[sinatosk]

ok thx's for the info :)