HTTP 414 Bombardment

System logs show heavy http 414 errors, any ideas?

         

visca

3:30 pm on Apr 22, 2003 (gmt 0)

10+ Year Member



Recently I remote connected to my dedicated webserver to find the system logs full of "HTTP 414 - Request: URI too long" errors, and I am quite concerned. Like as in numerous per second, at a rate of about 1800 per 24-hour period. This has been happening for about a week now and I am concerned as to...

i) why?
ii) where it's coming from?
iii) its intent, is it a DOS or worm?
iv) what impact it is having on my webserver's performance?
v) how to prevent it?

Any other webmasters come across this problem? Your advice would be most greatly appreciated.

senior mcinvale

8:41 pm on Apr 22, 2003 (gmt 0)

10+ Year Member



1. i have no idea.

2. check out your logs, they should tell you where the requests are coming from.

3. you should be able to figure that out from logs as well.

4. see #3

5. depends on what it is. you need to provide more info to get a decent answer for this one.

what type of webserver are you running? what URLs are being requested? are they actual pages?

universalis

2:42 pm on Apr 23, 2003 (gmt 0)

10+ Year Member



Search your logs for "default.ida", and you should see it along with a massive string of seemingly random characters. This is Code Red, and looks like a good candidate for your errors.

Actually, if you are being hit hard by this, you should be comforted by the fact that the server is giving an error, rather than showing the vulnerability. An error code means that the attack has not worked, which is good news. Are you using IIS/Windows 2000, or Apache? Only an unpatched IIS installation is vulnerable to this attack.
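The log check suggested in the post above, as an added example that is not part of the original thread: it tallies 414 responses and long-query `default.ida` requests per client address, and lists any such request that was answered with a 2xx status instead of an error. It assumes W3C extended format logs with the fields shown; the sample lines, the addresses and the 100-character threshold are constructed for illustration.

```python
from collections import Counter

# Constructed sample in W3C extended log format (documentation-range addresses).
SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2003-04-22 15:30:01 192.0.2.10 GET /default.ida " + "N" * 224 + " 414",
    "2003-04-22 15:30:02 192.0.2.10 GET /default.ida " + "N" * 224 + " 414",
    "2003-04-22 15:30:05 198.51.100.7 GET /index.html - 200",
    "2003-04-22 15:31:40 203.0.113.5 GET /Default.IDA " + "X" * 224 + " 404",
    "2003-04-22 15:32:11 198.51.100.7 GET /missing.gif - 404",
])

def parse_w3c(text):
    """Yield one dict per request, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def summarize(text, long_query=100):
    """Count 414 responses and long-query default.ida requests per client."""
    report = {"status_414": Counter(), "ida_probes": Counter(), "ida_served": []}
    for row in parse_w3c(text):
        ip, status = row.get("c-ip", "?"), row.get("sc-status", "")
        if status == "414":
            report["status_414"][ip] += 1
        stem = row.get("cs-uri-stem", "").lower()
        query = row.get("cs-uri-query", "-")
        if stem.endswith("/default.ida") and len(query) >= long_query:
            report["ida_probes"][ip] += 1
            # An error status means the request was refused; a 2xx needs review.
            if status.startswith("2"):
                report["ida_served"].append(row)
    return report

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for name in ("status_414", "ida_probes"):
        for ip, count in result[name].most_common():
            print(f"{name:12} {ip:15} {count}")
    print("default.ida requests answered with 2xx:", len(result["ida_served"]))
```
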

visca

3:06 pm on Apr 23, 2003 (gmt 0)

10+ Year Member



Thanks Universalis,

Yes, it is a Win2k box with all the service packs and recommended updates applied. Which I assume is sufficient and doesn't require "code red specific" patches? I do recall a number of .ida requests in my traffic reports among other weird types of requested files that resulted in http errors. So I guess this isn't really an issue of impacting server performance, the server simply dishes back a default http error. This problem should then, I guess, fizzle out on its own once the source of the problem gives up. Again, thanks for your response.