Brett Parker wrote:
Hi all,
Everyone musta heard by now about the nice new IIS worm that, once its got the IIS server, attacks whitehouse.gov. Have a look in your apache logs and see how many times they've tried to attack you...
brett@dustpuppy:/var/log/apache$ grep "default.ida" access.log | wc -l 25
and that's on a 33.6 dialup machine ;)
I had 22 virtual domains to check, so I knocked up a quick script. Only one has been hit, oddly enough the main one, which means they may well have come in by IP address. I checked the log, and they're sending a REALLY long url. Must be another buffer overflow thingy.
25 hits between 19/07/2001 16:40, and 20/07/2001 00:19 from lots of different IP addresses...
Aren't I glad I don't run IIS!
Cheers, Laurie.