-=> From: Betsy Schwartz <[EMAIL PROTECTED]> -=> -=> That's the Code Red worm which caused so much fuss last year. Won't hurt -=> your Unix server any. You may wish to let the scanning address's owner know -=> that they're infected though
Has anyone written a log-parser that walks the logs, finds those lines (possibly strips them out) and contacts webmaster or the like at the originating addresses? Or, being windows boxes, is it likely that they didn't set up those addreses, and it would just be frustraiting? -dkap -=> At 10:00 AM 1/2/2003 -0500, Dima wrote: -=> -=> >66.189.100.35 - - [02/Jan/2003:08:08:31 -0500] "GET -=> >/scripts/root.exe?/c+dir HTTP/1.0" 404 282 -=> >66.189.100.35 - - [02/Jan/2003:08:08:31 -0500] "GET /MSADC/root.exe?/c+dir -=> >HTTP/1.0" 404 280 -=> -=> -=> --- -=> Send mail for the `bblisa' mailing list to `[EMAIL PROTECTED]'. -=> Mail administrative requests to `[EMAIL PROTECTED]'. -=> --- Send mail for the `bblisa' mailing list to `[EMAIL PROTECTED]'. Mail administrative requests to `[EMAIL PROTECTED]'.
