
Re: Strange httpd/access_log entry



On Thu, Apr 11, 2002 at 12:16:05PM -0500 or thereabouts, Danny Sauer wrote:
> Unless you're running IIS, you don't have to worry about those.  Those
> are the entries generated by a machine infected with the code red IIS
> thing or one of the variants (code red's a virus, not a trojan, right?).
> Anyway, an infected machine picks a bunch of other IPs to scan for
> vulnerable scripts - the list you see is a list of common IIS vulnerable
> scripts.  Some variants scan random IPs, some scan their whole class C,
> some pick IPs differently.  Either way, it's probably not a real person
> scanning you.  You might send a message to the admin for that IP, but if
> they're still having problems with that vulnerability, they're probably
> not the most diligent admin around. :)

Thanks Danny, makes sense ... appreciate all the help of all.  Man, I
just set up a temp page for my new website in my box, and it gets hit
already... There is nothing like Linux.. 
 
As Danny would say .... 
Gary, who is resting a little easier now... 
-- 
Best regards,
Gary   

Today's thought: BREAKFAST.COM Halted - Cereal port not responding.
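
A log-triage sketch for the situation Danny describes, added here as an example and not part of either poster's message: it counts IIS-worm probe requests per source host in an Apache access_log and flags any probe that did not get a 4xx response. The request patterns, the sample log lines and the addresses are constructed assumptions, since the thread does not quote the actual entries.

```python
import re
from collections import Counter

# Assumed probe signatures (not quoted in the thread): Code Red's
# /default.ida? request and the cmd.exe / root.exe probes sent by
# IIS worms of the same period.
IIS_PROBE = re.compile(r"(?i)(/default\.ida\?|/(cmd|root)\.exe(\?|$))")

# Apache common/combined format: host ident user [time] "request" status size
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')

def triage(lines):
    """Return (probe count per host, probes that were not answered with 4xx)."""
    probes, answered = Counter(), []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access_log entry we can parse
        host, request, status = m.group(1), m.group(2), int(m.group(3))
        parts = request.split(" ")
        path = parts[1] if len(parts) >= 2 else request
        if IIS_PROBE.search(path):
            probes[host] += 1
            # On a non-IIS server these should all be 404/400; anything
            # else means the path resolved to something and needs a look.
            if not 400 <= status < 500:
                answered.append((host, path, status))
    return probes, answered

# Constructed sample entries (documentation address ranges).
SAMPLE = [
    '192.0.2.10 - - [11/Apr/2002:10:01:02 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [11/Apr/2002:10:01:03 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274',
    '192.0.2.10 - - [11/Apr/2002:10:01:04 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284',
    '198.51.100.7 - - [11/Apr/2002:10:05:00 -0500] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 270',
    '203.0.113.5 - - [11/Apr/2002:10:06:00 -0500] "GET /index.html HTTP/1.1" 200 1043',
]

if __name__ == "__main__":
    probes, answered = triage(SAMPLE)
    for host, count in probes.most_common():
        print(f"{host}: {count} IIS probe request(s)")
    print("probes not rejected with 4xx:", answered or "none")
```
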
