Darrell,
> Dan, I took my codered.php checker and did a quick update to look for
> this as well. New file is named apache-hits.php and may be downloaded
> from:
Cool. Thanks for doing that.
> I've got 2938 total hits in my current log :(
Actually, you may have even more. Someone just pointed out to me that
I should also search for 'root.exe':
# date
Tue Sep 18 13:46:46 EDT 2001
# grep cmd.exe /var/log/httpd/access_log* | grep 18/Sep | wc
2834 36842 516064
# grep root.exe /var/log/httpd/access_log* | grep 18/Sep | wc
425 5525 64678
Apparently the worm uses several different attacks.
Dan
--
Dan York, Director of Training [EMAIL PROTECTED]
Ph: +1-613-751-4401 Cell: +1-613-263-4312 Fax: +1-613-564-7739
Mitel Network Corporation Network Server Solutions Group
150 Metcalfe St., Suite 1500, Ottawa,ON K2P 1P1 Canada
http://www.e-smith.com/ http://www.mitel.com/
--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
