Hi list
It's days like this I get so excited and I know that I'm going to learn
something more about security.
This morning in my Apache logs I saw this.
61.185.21.74 - - [02/Jun/2005:16:58:31 +0200] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 403 286 "-" "-" "-"
My Google shows it's an IIS exploit.
(http://www.thesitewizard.com/news/coderediiworm.shtml)
I like the part that says:
If your website is on a (say) Unix or Linux system, running the Apache
web server, your server is probably safe, since the worm actually
exploits vulnerabilities in the IIS server that are not present in
Apache. However, don't relax just yet.
Anyway, I don't run IIS.
But just in case of security and future tips / advice for using iptables.
If anyone has anything to share, it would be most appreciated.
Kind Regards
Brent Clark
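
Added example, not part of the original post: a small Python scan that picks requests shaped like the one quoted above out of an Apache access log, counts them per client, and lists any client that got a 2xx instead of a refusal. The sample lines, the documentation-range addresses and the 100-character filler threshold are constructed assumptions.

```python
import re
from collections import Counter

# Common/combined log prefix: host ident user [time] "request" status size
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+')

# Shape of the request in the post: /default.ida?, a long run of one filler
# letter, then %uXXXX escapes. The 100-character minimum is an assumption.
PROBE_RE = re.compile(r'/default\.ida\?(?P<c>[A-Za-z])(?P=c){99,}'
                      r'(?:%u[0-9a-fA-F]{4})+', re.IGNORECASE)

def parse_line(line):
    """Return the named fields of one access-log line, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def summarize(lines):
    """Count matching requests per client and list clients that got a 2xx."""
    hits, served = Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not PROBE_RE.search(rec["request"]):
            continue
        hits[rec["host"]] += 1
        if rec["status"].startswith("2"):   # not refused: worth a closer look
            served.append(rec["host"])
    return hits, served

# Constructed sample lines (documentation addresses, shortened payload).
FILL = "X" * 224
ENC = "%u9090%u6858%ucbd3%u7801"
SAMPLE = [
    f'192.0.2.10 - - [02/Jun/2005:16:58:31 +0200] "GET /default.ida?{FILL}{ENC}%u00=a HTTP/1.0" 403 286 "-" "-"',
    f'192.0.2.10 - - [02/Jun/2005:17:02:09 +0200] "GET /default.ida?{FILL}{ENC}%u00=a HTTP/1.0" 404 290 "-" "-"',
    f'198.51.100.7 - - [02/Jun/2005:17:10:44 +0200] "GET /default.ida?{FILL}{ENC}%u00=a HTTP/1.0" 200 512 "-" "-"',
    '203.0.113.5 - - [02/Jun/2005:17:11:00 +0200] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [02/Jun/2005:17:11:02 +0200] "GET /default.ida?page=1 HTTP/1.1" 404 290 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    hits, served = summarize(SAMPLE)
    for host, n in hits.most_common():
        print(f"{host}\t{n} request(s)")
    print("answered with 2xx:", served or "none")
```

To run it against a real log, pass the open file object to summarize() in place of SAMPLE.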