In a perfect world, yes, it would help. Unfortunately, the very fact that
there are still unpatched IIS machines out there says a lot. Most likely,
this is someone's home machine, who doesn't even know IIS is running, that
is happily trying to infect any other machine it can find.
Ignore those entries, or filter them, and move on to better things...
----- Original Message -----
From: "Doug Nelson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 21, 2001 11:55 AM
Subject: RE: [analog-help] default.ida
> could I do an analog and pull out the ip's and somehow contact the
> administrator of those sites?
>
> I bet a script exists somewhere to mail webmaster@ whatever address it is
> coming from using logic like in the "How do I send the report to one
> person..." message from a few days ago.
>
> I would think this would help to cut down virus infections on a big scale,
> no?
>
>
>
> -----Original Message-----
> From: Tracy McKibben [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, August 21, 2001 12:52 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [analog-help] default.ida
>
> You're safe on that platform, but you'll still see attempted attacks.
Your
> logs should show the IP that the request came from, but it'll be nothing
> more than another infected machine.
>
>
> ----- Original Message -----
> From: "Doug Nelson" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, August 21, 2001 11:47 AM
> Subject: RE: [analog-help] default.ida
>
>
> > We run a Linux/Apache server. This virus only attacks Windows servers,
> correct?
> >
> > Is there anything I need to do? Is there a way to see where it is coming
> from? Anyone I should report this to?
> >
> >
> > Doug
> >
> > -----Original Message-----
> > From: Tracy McKibben [SMTP:[EMAIL PROTECTED]]
> > Sent: Tuesday, August 21, 2001 12:44 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [analog-help] default.ida
> >
> > That would be the Code Red worm, attempting to infect your server...
> >
> > ----- Original Message -----
> > From: "Doug Nelson" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, August 21, 2001 11:38 AM
> > Subject: [analog-help] default.ida
> >
> >
> > > Does anybody know what would cause the following to appear in the
> "Failure
> > > Report"?
> > >
> > > 34: /default.ida
> > > 34:
> > >
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> > >
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> > >
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> > >
> XXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9
> > >
> 090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0
> > > 078%u0000%u00=a
> > >
> > >
> +------------------------------------------------------------------------
> > > | This is the analog-help mailing list. To unsubscribe from this
> > > | mailing list, go to
> > > | http://lists.isite.net/listgate/analog-help/unsubscribe.html
> > > |
> > > | List archives are available at
> > > | http://www.mail-archive.com/[email protected]/
> > > | http://lists.isite.net/listgate/analog-help/archives/
> > > | http://www.tallylist.com/archives/index.cfm/mlist.7
> > >
> +------------------------------------------------------------------------
> > >
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.268 / Virus Database: 140 - Release Date: 8/7/2001
> >
+------------------------------------------------------------------------
> > | This is the analog-help mailing list. To unsubscribe from this
> > | mailing list, go to
> > | http://lists.isite.net/listgate/analog-help/unsubscribe.html
> > |
> > | List archives are available at
> > | http://www.mail-archive.com/[email protected]/
> > | http://lists.isite.net/listgate/analog-help/archives/
> > | http://www.tallylist.com/archives/index.cfm/mlist.7
> >
+------------------------------------------------------------------------
> >
+------------------------------------------------------------------------
> > | This is the analog-help mailing list. To unsubscribe from this
> > | mailing list, go to
> > | http://lists.isite.net/listgate/analog-help/unsubscribe.html
> > |
> > | List archives are available at
> > | http://www.mail-archive.com/[email protected]/
> > | http://lists.isite.net/listgate/analog-help/archives/
> > | http://www.tallylist.com/archives/index.cfm/mlist.7
> >
+------------------------------------------------------------------------
> >
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.268 / Virus Database: 140 - Release Date: 8/7/2001
> +------------------------------------------------------------------------
> | This is the analog-help mailing list. To unsubscribe from this
> | mailing list, go to
> | http://lists.isite.net/listgate/analog-help/unsubscribe.html
> |
> | List archives are available at
> | http://www.mail-archive.com/[email protected]/
> | http://lists.isite.net/listgate/analog-help/archives/
> | http://www.tallylist.com/archives/index.cfm/mlist.7
> +------------------------------------------------------------------------
> +------------------------------------------------------------------------
> | This is the analog-help mailing list. To unsubscribe from this
> | mailing list, go to
> | http://lists.isite.net/listgate/analog-help/unsubscribe.html
> |
> | List archives are available at
> | http://www.mail-archive.com/[email protected]/
> | http://lists.isite.net/listgate/analog-help/archives/
> | http://www.tallylist.com/archives/index.cfm/mlist.7
> +------------------------------------------------------------------------
>
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.268 / Virus Database: 140 - Release Date: 8/7/2001
+------------------------------------------------------------------------
| This is the analog-help mailing list. To unsubscribe from this
| mailing list, go to
| http://lists.isite.net/listgate/analog-help/unsubscribe.html
|
| List archives are available at
| http://www.mail-archive.com/[email protected]/
| http://lists.isite.net/listgate/analog-help/archives/
| http://www.tallylist.com/archives/index.cfm/mlist.7
+------------------------------------------------------------------------
