Brett Parker wrote:
Hi all,
Everyone musta heard by now about the nice new IIS worm that, once its got the IIS server, attacks whitehouse.gov. Have a look in your apache logs and see how many times they've tried to attack you...
brett@dustpuppy:/var/log/apache$ grep "default.ida" access.log | wc -l 25
and that's on a 33.6 dialup machine ;)
I had 22 virtual domains to check, so I knocked up a quick script. Only one has been hit, oddly enough the main one, which means they may well have come in by IP address. I checked the log, and they're sending a REALLY long url. Must be another buffer overflow thingy. 25 hits between 19/07/2001 16:40, and 20/07/2001 00:19 from lots of different IP addresses... Aren't I glad I don't run IIS! Cheers, Laurie. -- --------------------------------------------------------------------- Laurie Brown laurie@brownowl.com PGP key at http://pgpkeys.mit.edu:11371 ---------------------------------------------------------------------