Yeah, Francis is right. It's Code Red. Actually, it's an old bug in IIS.
The real actual request for that would be:
GET /default.ida?[0x240]=N HTTP/1.0
Just remove iissamples, msad and help also.
...hope this helps
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 24, 2001 3:56 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [plug] Logfile: access on HTTPD
>
>
> That's Code Red, all right. Check the archives of BugTraq and Incidents at
> http://www.securityfocus.com
>
> -----Original Message-----
> From: Percy [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 24, 2001 4:07 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [plug] Logfile: access on HTTPD
>
> Could it be Code Red that hit you?
>
> On Sat, 21 Jul 2001 22:57:10 +0800 (PHT)
> <[EMAIL PROTECTED]> wrote:
>
> >
> > I got this message in the access log of httpd.
> >
> > What is this? An error on my HTTP server? Help please.
> >
> > Thank you for the help in advance
> >
> >
> > 211.218.238.235 - - [20/Jul/2001:00:17:39 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> Nu00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> > HTTP/1.0" 400 329
> > 212.33.61.26 - - [20/Jul/2001:01:09:18 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> NNNN$
> > 24.254.10.201 - - [20/Jul/2001:01:35:22 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> NNN$
> > 65.68.132.13 - - [20/Jul/2001:02:12:25 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> NNNN$
> > 206.101.115.96 - - [20/Jul/2001:02:22:18 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> NN$
> > 61.220.68.194 - - [20/Jul/2001:02:34:12 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> NNN$
> > 206.55.233.80 - - [20/Jul/2001:03:13:27 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> NNN$
> > 61.216.160.159 - - [20/Jul/2001:03:32:00 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> NN$
> > 212.127.17.66 - - [20/Jul/2001:03:58:59 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> NNN$
> > 200.168.86.199 - - [20/Jul/2001:04:02:34 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> NN$
> > 196.43.62.25 - - [20/Jul/2001:04:09:37 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> NNNN$
> > 24.78.44.239 - - [20/Jul/2001:04:18:16 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> NNNN$
> > 209.202.148.27 - - [20/Jul/2001:04:43:40 +0800] "GET /robots.txt
> > HTTP/1.0" 404 281
> > 24.130.39.91 - - [20/Jul/2001:05:22:31 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> NNNN$
> > 24.182.219.154 - - [20/Jul/2001:05:25:34 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> NN$
> > 195.243.208.6 - - [20/Jul/2001:05:56:31 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> NNN$
> > 63.167.12.153 - - [20/Jul/2001:06:30:28 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> NNN$
> > 64.241.16.67 - - [20/Jul/2001:07:00:25 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> NNNN$
> > 216.223.57.102 - - [20/Jul/2001:07:36:08 +0800] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNN
> NN$
> >
> >
> >
> >
> >
> > _
> > Philippine Linux Users Group. Web site and archives at
> http://plug.linux.org.ph
> > To leave: send "unsubscribe" in the body to
> [EMAIL PROTECTED]
> >
> > To subscribe to the Linux Newbies' List: send "subscribe"
> in the body to
> [EMAIL PROTECTED]
>
>
> --
> Percy de Leon
> Web Developer
> INQ7 Interactive Inc.
>
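A log check for the request pattern discussed in this thread, as an added example that is not part of any poster's message: it parses Common Log Format lines and reports requests for /default.ida followed by a long run of N, counted per source host. The sample lines, the `MIN_RUN` threshold and the `scan` function name are assumptions made for the example.

```python
import re
from collections import Counter

# Common Log Format: host ident user [timestamp] "request line" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+$')

# Shape of the probe in the quoted log: GET /default.ida? then a long run of "N".
# MIN_RUN is an assumed threshold for this example, not a value from the thread.
MIN_RUN = 32
PROBE = re.compile(r'^GET\s+/default\.ida\?(N+)', re.IGNORECASE)


def scan(lines):
    """Return (hits, per_host, unparsed) for an iterable of access-log lines."""
    hits, per_host, unparsed = [], Counter(), 0
    for raw in lines:
        m = CLF.match(raw.strip())
        if not m:
            unparsed += 1  # wrapped or truncated line: count it, do not guess
            continue
        host, when, request, status = m.groups()
        p = PROBE.match(request)
        if p and len(p.group(1)) >= MIN_RUN:
            hits.append({"host": host, "time": when,
                         "status": int(status), "run": len(p.group(1))})
            per_host[host] += 1
    return hits, per_host, unparsed


# Constructed sample lines (documentation address ranges, not the poster's log).
SAMPLE = [
    '192.0.2.10 - - [20/Jul/2001:00:17:39 +0800] "GET /default.ida?' + "N" * 100
    + '%u0078%u0000%u00=a HTTP/1.0" 400 329',
    '198.51.100.7 - - [20/Jul/2001:01:09:18 +0800] "GET /default.ida?' + "N" * 100
    + '%u0078%u0000%u00=a HTTP/1.0" 404 281',
    '203.0.113.5 - - [20/Jul/2001:04:43:40 +0800] "GET /robots.txt HTTP/1.0" 404 281',
    '192.0.2.10 - - [20/Jul/2001:05:22:31 +0800] "GET /default.ida?NNNN$',
]

if __name__ == "__main__":
    hits, per_host, unparsed = scan(SAMPLE)
    for h in hits:
        print(f'{h["time"]}  {h["host"]:<15} status={h["status"]} N-run={h["run"]}')
    print("probes per host:", dict(per_host), "| unparsed lines:", unparsed)
```

Lines that were wrapped or cut off, like many in the quoted log, are counted as unparsed rather than matched, so rejoin wrapped entries before relying on the per-host totals.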