Code Red In Logs

still?

         

austtr

2:09 am on Apr 1, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I was glancing through the March logs of a new site checking for spider visits when I came across quite a few GET default.ida entries.

A search here on WW tells me that default.ida is the signature for the Code Red virus hitting MS servers etc... but those posts are back in 2001!

Is Code Red still alive and kicking? Does it actually harm the website pages? I use hosting companies, so I guess the action is to send them a copy of the log and ask for some protection?

Comments/advice appreciated.

carfac

2:29 am on Apr 1, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi:

Yep - it is still alive and kicking. I see a couple dozen hits a day on my sites.

As long as you do not have an MS server, nothing at all to worry about. If you have an MS server, you should know about and make the appropriate updates.... or worry. (I do not have an MS server, so I do not know all those nasty things...)

If it REALLY annoys you, do a quick mod_rewrite for this and send them a 403!

dave

Ankheg

6:04 am on Apr 1, 2003 (gmt 0)

10+ Year Member



I make a zero-byte default.ida file on all my sites, and logs show that for my largest site Code Red hit me 39 times in the month of March. Thank the Goddess I'm on Linux... :)

It's still very much rampant in the wild.

carfac

4:23 pm on Apr 1, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>>> I make a zero-byte default.ida

I do not give them the pleasure of a response. I mod_rewrite it to a blackhole and make them wait.... for nothing!

dave

bcolflesh

4:27 pm on Apr 1, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



One of my sites on a prominent Windows hosting company gets 100s of Code Red and NIMDA attack attempts every day...

Regards,
Brent
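
One way to count these probes in your own access log, as an added example that is not part of any post in this thread. It assumes Apache Combined Log Format, the sample lines are constructed, and the function names are hypothetical; it tallies requests whose path ends in default.ida by source IP, month and response status.

```python
import re
from collections import Counter

# Constructed sample lines in Apache Combined Log Format (not taken from the thread).
# The query strings are shortened stand-ins, not a real worm request.
SAMPLE_LOG = """\
192.0.2.10 - - [03/Mar/2003:04:12:55 +0000] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276 "-" "-"
192.0.2.10 - - [03/Mar/2003:09:40:01 +0000] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276 "-" "-"
198.51.100.7 - - [04/Mar/2003:11:02:13 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.44 - - [17/Mar/2003:22:31:09 +0000] "GET /DEFAULT.IDA?NNNNNNNN HTTP/1.0" 403 202 "-" "-"
198.51.100.7 - - [18/Mar/2003:08:00:00 +0000] "GET /docs/default.ida.txt HTTP/1.1" 200 88 "-" "Mozilla/4.0"
this line is not a valid log entry
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def is_default_ida(target):
    """True when the last path component is default.ida (any case, query ignored)."""
    path = target.split("?", 1)[0]
    return path.rsplit("/", 1)[-1].lower() == "default.ida"

def summarize(log_text):
    """Tally default.ida requests by source IP, month and HTTP status."""
    per_ip, per_month, per_status = Counter(), Counter(), Counter()
    unparsed = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            unparsed += 1          # keep count so malformed lines are not silently lost
            continue
        if not is_default_ida(m["target"]):
            continue
        per_ip[m["ip"]] += 1
        per_month[m["day"].split("/", 1)[1]] += 1   # "03/Mar/2003" -> "Mar/2003"
        per_status[m["status"]] += 1
    return {"per_ip": per_ip, "per_month": per_month,
            "per_status": per_status, "unparsed": unparsed}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for key in ("per_month", "per_ip", "per_status"):
        print(key, dict(report[key]))
    print("unparsed lines:", report["unparsed"])
```

The status tally shows how the server answered each probe: a 404 means the file does not exist, while a 403 means a deny rule such as the mod_rewrite one mentioned in the thread is in effect.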