And if you are running a modperl enableed server, and *really* want to automate some of the notifications, look into the Apache::MSIISProbes module, and set it as the handler for /default.ida.
On Thu, 2 Jan 2003, John Orthoefer wrote: > You really want to tell the ISP, so they can shutdown the person. Most > of the cases are like this one, it's someone on a dynamic IP address. > So it's almost imposible for you to tell who had that address, and it's > doubtful that if you got intouch with the person they would even understand. > > johno > > Betsy Schwartz wrote: > > > That's the Code Red worm which caused so much fuss last year. Won't > > hurt your Unix server any. You may wish to let the scanning address's > > owner know that they're infected though > > > > > > > > At 10:00 AM 1/2/2003 -0500, Dima wrote: > > > >> 66.189.100.35 - - [02/Jan/2003:08:08:31 -0500] "GET > >> /scripts/root.exe?/c+dir HTTP/1.0" 404 282 > >> 66.189.100.35 - - [02/Jan/2003:08:08:31 -0500] "GET > >> /MSADC/root.exe?/c+dir HTTP/1.0" 404 280 -- Steve Reppucci [EMAIL PROTECTED] | Logical Choice Software http://logsoft.com/ | =-=-=-=-=-=-=-=-=-=- My God! What have I done? -=-=-=-=-=-=-=-=-=-= --- Send mail for the `bblisa' mailing list to `[EMAIL PROTECTED]'. Mail administrative requests to `[EMAIL PROTECTED]'.
