FWIW,

I don't believe that Michael is being infected.  I remember reading
somewhere that if the machine was vulnerable to the exploit, the code
execution would occur before the request was ever written to the log
file, and thus there would be no trace of it.

On the flip side of things, if the machine is trying to be compromised
unsuccessfully, but the proper protection is in place (patch, or remove
.idq / .ida from IIS mappings) then the request will show up in the log
file.

Jay Sudowski
---------------------
Handy Networks LLC
TEL: 877-70-HANDY
FAX: 888-300-2FAX
URL: www.handynetworks.com <http://www.handynetworks.com> 
---------------------
Providing reseller and dedicated Windows 2000 web hosting solutions.


-----Original Message-----
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, August 02, 2001 9:18 AM
To: CF-Talk
Subject: Re: default.ida?


Michael Lugassy wrote:

> I keep seeing on the log files some default.ida request.
> Are those hacking attempts? What does this file do?


You've got to be kidding. Doesn't "Code Red" ring any bells?

Jochem