Re: [PHP] how to defend this atack?

2002-07-13 Thread Chris Shiflett 

This looks like a variant of the code red worm and will only bother you 
if you are running IIS, which I would hope you are not. :-)

218.5.149.77 is apparently running an infected IIS Web server. You might 
want to let them know.

Happy hacking.

Chris

andy wrote:

>Hi there,
>
>I am getting from time to time such GET requests. I think this is kind of a
>atack against the webserver. DNS maybe. Here is the log entry:
>
>218.5.149.77 - - [13/Jul/2002:19:57:09 +0200] "GET
>/default.ida?NNN
>
>
>N%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
>u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u%u00=a
>HTTP/1.0" 400 321
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] how to defend this atack?

2002-07-13 Thread andy 

Hi there,

I am getting from time to time such GET requests. I think this is kind of a
atack against the webserver. DNS maybe. Here is the log entry:

218.5.149.77 - - [13/Jul/2002:19:57:09 +0200] "GET
/default.ida?NNN


N%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u%u00=a
HTTP/1.0" 400 321

can anybody tell me more about this. How could this harm the server or
application installed and what can I do against it?

Thank you for any help on that,

Andy





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php