[Admins] Code Red
Reini Urban
rurban at x-ray.at
Fri Aug 10 20:02:44 CEST 2001
ich weiß, die machen das überall.
ca 5 requests pro stunde.
ich hab mich schon bei den admins der ip's aufgeregt: univie und unilinz.
die müßten doch zu kriegen sein.
auch inode weiß bescheid.
den 193.171.249.90 hab ich vorgestern überhaupt geblockt.
Norbert Math schrieb:
> aus meinem http error log:
>
> ...
>
> [Wed Aug 8 02:28:57 2001] [error] [client 193.171.7.35] File does not
> exist: /var/www/default.ida
> [Wed Aug 8 02:32:38 2001] [error] [client 193.171.5.37] File does not
> exist: /var/www/default.ida
> [Wed Aug 8 02:39:20 2001] [error] [client 193.146.35.14] File does not
> exist: /var/www/default.ida
> [Wed Aug 8 02:40:38 2001] [error] [client 193.171.5.37] File does not
> exist: /var/www/default.ida
> [Wed Aug 8 02:47:46 2001] [error] [client 193.77.206.195] File does not
> exist: /var/www/default.ida
> [Wed Aug 8 02:49:59 2001] [error] [client 193.171.5.37] File does not
> exist: /var/www/default.ida
> [Wed Aug 8 02:56:00 2001] [error] [client 193.153.94.248] File does not
> exist: /var/www/default.ida
> [Wed Aug 8 03:15:12 2001] [error] [client 193.171.249.90] Invalid URI in
> request XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7
> 801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> HTTP/1.1
> [Wed Aug 8 03:24:26 2001] [error] [client 193.248.17.235] File does not
> exist: /var/www/default.ida
> [Wed Aug 8 03:26:38 2001] [error] [client 193.171.250.83] File does not
> exist: /var/www/default.ida
> ....
>
> usw in dieser tonart ...
>
> hab ein wenig rumgeschaut in groups.google.com zB
> http://groups.google.com/groups?hl=en&safe=off&th=a0467def10eb0d53,11&seekm=3B71A0FC.E363BD97%40gmx.ch#p
>
> offenbar versuchen red code infizierte win rechner den virus an
> den *.mur.at weiterzugeben - das boese tierchen kann bei win/iis rechnern
> schaden anrichten - wer win/iis verwendet bitte obacht!
--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/
More information about the Admins
mailing list