[KLUG Members] weird web stuff
Wesley Leonard
members@kalamazoolinux.org
Thu, 19 Jul 2001 13:54:36 -0400
Thanks! I immediately composed an email to admin, abuse, root @ all the systems
from where it came.
Luckily I'm running Apache! :)
--
Wesley Leonard
marshall@pacdemon.org
http://www.pacdemon.org
"The economy depends about as much on economists as the weather does on weather
forecasters."
--Jean-Paul Kauffmann
Richard Zimmerman wrote:
>
> They (read somebody) are trying to hack you with the .ida worm.....
>
> It's aimed at IIS servers on NT4+. It loads on the server then creates 100
> instances of itself. The first 99 go searching for more victims, the 100th
> defaces the webpage.
>
> From what I have read, it ONLY affects IIS / NT systems. This thing hit 5400
> systems in one day and the last numbers I can remember show over 100,000
> systems affected in a week!
>
> I just had to call one of my customers as they just got hacked by it also!
>
> Richard
>
> Richard Zimmerman Richard@knbpower.com
> Information Systems Manager ke4rit@earthlink.net
> K&B Transport, Inc.
> Elkhart, Indiana Advanced SKYWARN weather spotter
>
> Look Listen and Live!
> Support Operation Lifesaver
> www.oli.org
>
> ----- Original Message -----
> From: "Wesley Leonard" <marshall@pacdemon.org>
> To: "Klug Mailing List" <members@kalamazoolinux.org>
> Sent: Thursday, July 19, 2001 12:16 PM
> Subject: [KLUG Members] weird web stuff
>
> > Today I found odd web requests on my home server (on DSL). They were all
> > from different IP addresses and they looked like this:
> >
> > [19/Jul/2001:12:41:41 -0400] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9
> 090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> > HTTP/1.0" 400 335
> >
> >
> > In the error logs it says these four clients generated a malformed Host
> > header.
> >
> > Anybody seen this before? Should I start getting worried? They were all
> > within a half an hour and were VERY different IP addresses (24., 212., 4., 131.).
> >
> > l8er
> > --
> >
> > Wesley Leonard
> > marshall@pacdemon.org
> >
> > http://www.pacdemon.org
> > "The economy depends about as much on economists as the weather does on
> > weather forecasters."
> > --Jean-Paul Kauffmann
> > _______________________________________________
> > Members mailing list
> > Members@kalamazoolinux.org
>
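
A log check for the request pattern quoted in this thread, added here as an example and not part of any poster's message: it scans Apache common-log lines for `/default.ida?` followed by a long padding run and `%uXXXX` words, then counts the distinct clients seen within half an hour. The sample lines and client addresses are constructed (the quoted entry omits the client field), and the 64-character padding threshold is an assumption.

```python
import re
from datetime import datetime, timedelta

# Apache common log format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')
# Signature from the request quoted in the thread: /default.ida? followed by a
# long run of one repeated character, then %uXXXX-encoded words.
# The 64-character minimum run length is an assumption, not from the thread.
IDA_PROBE = re.compile(r"/default\.ida\?(.)\1{63,}(?:%u[0-9a-f]{4})+", re.I)


def find_ida_probes(lines):
    """Return (client, time, status) for each request matching the signature."""
    hits = []
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue
        host, when, request, status, _size = m.groups()
        if IDA_PROBE.search(request):
            ts = datetime.strptime(when, "%d/%b/%Y:%H:%M:%S %z")
            hits.append((host, ts, int(status)))
    return hits


def burst_sources(hits, window=timedelta(minutes=30)):
    """Distinct clients whose probes arrive within `window` of the first hit."""
    if not hits:
        return set()
    first = min(ts for _host, ts, _status in hits)
    return {host for host, ts, _status in hits if ts - first <= window}


# Constructed sample log: client addresses come from documentation ranges.
PROBE = "GET /default.ida?" + "N" * 224 + "%u9090%u6858%ucbd3%u7801%u00=a HTTP/1.0"
SAMPLE_LOG = [
    f'192.0.2.10 - - [19/Jul/2001:12:41:41 -0400] "{PROBE}" 400 335',
    '198.51.100.7 - - [19/Jul/2001:12:43:02 -0400] "GET /index.html HTTP/1.0" 200 1024',
    f'198.51.100.23 - - [19/Jul/2001:12:49:10 -0400] "{PROBE}" 400 335',
    f'203.0.113.5 - - [19/Jul/2001:12:58:37 -0400] "{PROBE}" 400 335',
    f'203.0.113.77 - - [19/Jul/2001:13:07:55 -0400] "{PROBE}" 400 335',
    '192.0.2.99 - - [19/Jul/2001:14:30:00 -0400] "GET /default.ida?id=1 HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    hits = find_ida_probes(SAMPLE_LOG)
    for host, ts, status in hits:
        print(f"{ts.isoformat()} {host} default.ida probe, status {status}")
    print(f"{len(burst_sources(hits))} distinct sources within 30 minutes")
```

The status column shows how the server answered each probe; in the constructed sample every matching request gets the same 400 that the quoted Apache entry shows.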