>Recently our iMail server bogs down about every 3 days to the point
>where mail delivery is delayed.  I determined that restarting WEB
>Messaging fixes the problem until it happens again.  The following are
>some WEB log entries that indicate an attack from a client browser, but
>I don't know enough about HTML (and HTML viruses) to know exactly what
>is happening:

Here's the appropriate section:

>20020305 224923 Info - 192.168.1.1   GET /scripts/root.exe?/c+dir HTTP/1.0.
>20020305 224924 Info - 192.168.1.1   GET /MSADC/root.exe?/c+dir HTTP/1.0.
...

These are the signs of a virus trying to infect your web server.  However, 
IMail can't be infected, only IIS can. This ends up instead being a DoS 
attack, causing higher load on the mailserver.

>Our mail server is in a DMZ where external HTTP requests are mapped from
>80 to 8383.  Could someone tell what these log entries indicate and how
>to prevent this?

They indicate that a virus such as Code Red (on another computer) is trying 
to infect yours unsuccessfully.  There isn't much you can do about it, 
since they are standard web requests.  Your firewall *might* be able to 
block them.  You could look at the IP they are coming from and contact the 
appropriate party and hope they do something about it.  You could block the 
IP they are coming from at your firewall.  Those ideas may help to some 
extent, but like any DoS attack, you can't always fix it without a lot of work.

                                                    -Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for 
IMail.  http://www.declude.com
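
An added example, not part of the original message: one way to find the source IPs to block or report, as the reply suggests, by counting worm-style probe requests per client in the web log. The line layout is inferred from the two entries quoted above; the `cmd.exe` and `default.ida` patterns, the `threshold` parameter and the sample lines are assumptions made for the illustration.

```python
import re
from collections import Counter

# Layout inferred from the two log lines quoted in the thread:
#   YYYYMMDD HHMMSS Level - client-ip   METHOD path HTTP/x.y.
LINE_RE = re.compile(
    r"^(?P<date>\d{8}) (?P<time>\d{6}) \w+ - "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/\d\.\d"
)

# root.exe is the probe shown in the thread; cmd.exe and default.ida are
# other IIS-only targets, added here as assumptions.
PROBE_RE = re.compile(
    r"/(?:root|cmd)\.exe(?:\?|$)|/default\.ida(?:\?|$)", re.IGNORECASE
)

def probe_sources(lines, threshold=2):
    """Return {ip: probe_count} for clients with >= threshold probe requests."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        # Lines that do not parse are skipped rather than treated as errors.
        if m and PROBE_RE.search(m.group("path")):
            hits[m.group("ip")] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample using documentation address ranges, not real log data.
SAMPLE_LOG = """\
20020305 224923 Info - 192.0.2.10   GET /scripts/root.exe?/c+dir HTTP/1.0.
20020305 224924 Info - 192.0.2.10   GET /MSADC/root.exe?/c+dir HTTP/1.0.
20020305 224925 Info - 192.0.2.10   GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0.
20020305 224930 Info - 198.51.100.7   GET /login.cgi HTTP/1.1.
20020305 224931 Info - 203.0.113.5   GET /default.ida?XXXX HTTP/1.0.
20020305 224940 Info - 198.51.100.7   GET /docs/root.exe.html HTTP/1.1.
malformed line that should be skipped
""".splitlines()

if __name__ == "__main__":
    ranked = sorted(probe_sources(SAMPLE_LOG).items(), key=lambda kv: -kv[1])
    for ip, count in ranked:
        print(f"{ip}\t{count} probe requests")
```

The threshold keeps a single stray request from putting an address on the block list; lower it to 1 to see every client that sent at least one probe.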
