> >Recently our iMail server bogs down about every 3 days to the point
> >where mail delivery is delayed. I determined that restarting WEB
> >Messaging fixes the problem until it happens again. The following are
> >some WEB log entries that indicate an attack from a client browser, but
> >I don't know enough about HTML (and HTML viruses) to know exactly what
> >is happening:
>
> Here's the appropriate section:
>
> >20020305 224923 Info - 192.168.1.1 GET /scripts/root.exe?/c+dir HTTP/1.0.
> >20020305 224924 Info - 192.168.1.1 GET /MSADC/root.exe?/c+dir HTTP/1.0.
>
> These are the signs of a virus trying to infect your web server. However,
> IMail can't be infected, only IIS can. This ends up instead being a DoS
> attack, causing higher load on the mailserver.

So what is the virus trying to do? I don't understand these commands but I see a bunch of them in the log.

> >Our mail server is in a DMZ where external HTTP requests are mapped from
> >80 to 8383. Could someone tell what these log entries indicate and how
> >to prevent this?
>
> They indicate that a virus such as Code Red (on another computer) is trying
> to infect yours unsuccessfully. There isn't much you can do about it,
> since they are standard web requests. Your firewall *might* be able to
> block them. You could look at the IP they are coming from and contact the
> appropriate party and hope they do something about it. You could block the
> IP they are coming from at your firewall. Those ideas may help to some
> extent, but like any DoS attack, you can't always fix it without a lot of work.

So as long as the client PC is connected to the Net this is a problem because the virus will bang on the iMail Server even if the client PC isn't logged into WEB Messaging?

Dan

Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list.
An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
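
Added example (not part of the original thread and not Ipswitch code): a Python sketch that tallies requests like the quoted `root.exe?/c+dir` entries per source IP, so the addresses worth blocking at the firewall, as the reply suggests, can be picked out. The log layout is an assumption inferred from the two quoted lines, the match is generalized to any `.exe?/c+` request, and the sample lines and IP addresses are constructed.

```python
import re
from collections import Counter

# Layout inferred from the two log lines quoted in the thread (an assumption):
# YYYYMMDD HHMMSS Level - client_ip METHOD target HTTP/x.y.
LINE_RE = re.compile(
    r"^(?P<date>\d{8}) (?P<time>\d{6}) \w+ - (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d\.?\s*$"
)
# A request for an executable with a "/c+<command>" query, as in root.exe?/c+dir.
PROBE_RE = re.compile(r"\.exe\?/c\+", re.IGNORECASE)

# Constructed sample log (documentation-range IPs, not taken from the thread).
SAMPLE_LOG = """\
20020305 224923 Info - 192.0.2.10 GET /scripts/root.exe?/c+dir HTTP/1.0.
20020305 224924 Info - 192.0.2.10 GET /MSADC/root.exe?/c+dir HTTP/1.0.
20020305 224925 Info - 192.0.2.10 GET /SCRIPTS/ROOT.EXE?/c+dir HTTP/1.0.
20020305 225001 Info - 198.51.100.7 GET /login.cgi HTTP/1.0.
20020305 225002 Info - 198.51.100.7 GET /scripts/root.exe?/c+dir HTTP/1.0.
20020305 225010 Info - 203.0.113.5 GET / HTTP/1.0.
garbled line without the expected fields
"""


def probe_counts(log_text):
    """Return a Counter of probe requests per client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and PROBE_RE.search(m.group("target")):
            counts[m.group("ip")] += 1
    return counts


def sources_over(log_text, threshold):
    """Return the sorted client IPs with at least `threshold` probe requests."""
    return sorted(ip for ip, n in probe_counts(log_text).items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in probe_counts(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n} probe request(s)")
    print("candidates for a firewall block:", sources_over(SAMPLE_LOG, 2))
```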
