Koozali.org: home of the SME Server
Query
5 Replies
466 Views
Mike
Query
on: July 04, 2003, 06:35:21 AM
www.mydomain.com
203.131.122.194 - - [03/Jul/2003:17:01:49 +0800] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
Where 203.131.122.194 is a foreign address; I don't know this IP.
What does this mean? Is there some intruder entering my server?
Any suggestions...
Mike
Andrew Rosenau
Re: Query
Reply #1 on: July 04, 2003, 07:04:25 AM
A search on http://www.apnic.net/apnic-bin/whois.pl shows that the IP is registered over in the Philippines -- if it's a hacker I don't know, but that's the IP owner.
Cyrus Bharda
Re: Query
Reply #2 on: July 04, 2003, 07:28:46 AM
Mike,
What log are you getting this in? To me it looks like a simple HTTP GET request, but I really am taking a stab in the dark at that. I certainly do not recognise it, so I really do not know what it is; just being speculative.
Cyrus Bharda
Michael P. Soulier
Re: Query
Reply #3 on: July 04, 2003, 07:50:12 AM
Mike wrote:
> www.mydomain.com
> 203.131.122.194 - - [03/Jul/2003:17:01:49 +0800] "GET /default.ida?
Looks like Nimda or CodeRed. The owner of the IP probably doesn't know that their box is infected. Apache is immune, so don't worry about it.
Mike
Mike
Re: Query
Reply #4 on: July 04, 2003, 10:10:11 AM
Thanks for all your replies... just curious, I found it in my httpd log; there's no sign of accept, deny or drop, so I got scared. I found this log first in my Mandrake Linux, and now in my SME 5.6.
BTW, thanks to all of you guys...
Mike
Charlie Brady
default.ida (was Re: Query)
Reply #5 on: July 04, 2003, 09:24:00 PM
Mike wrote:
> www.mydomain.com
> 203.131.122.194 - - [03/Jul/2003:17:01:49 +0800] "GET
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
...
> What this means?
A search here for "default.ida" (all dates) will give you lots of information.
A similar search on google.org will give you lots more.
Charlie
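Added example, not part of any post in this thread: a small Python triage script for the kind of httpd access-log entry discussed above. It flags `.ida` requests that carry long single-character padding and `%uXXXX` escapes, and reports whether any of them got a 2xx answer instead of the 404 seen in the thread. The matching heuristics, thresholds, function names and sample lines are assumptions made for this example.

```python
import re
from collections import Counter

# Apache common/combined log format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# Heuristics (assumptions of this example, not an official signature):
IDA_PATH = re.compile(r'^/[^?]*\.ida\?', re.I)   # request for an .ida resource with a query
PADDING = re.compile(r'(.)\1{99,}')              # one character repeated 100+ times
UNICODE_ESC = re.compile(r'%u[0-9a-fA-F]{4}')    # %uXXXX escapes as seen in the logged URI

def classify(line):
    """Return a dict describing the request, or None if the line is not parseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    uri = m['uri']
    hit = bool(IDA_PATH.match(uri) and PADDING.search(uri)
               and len(UNICODE_ESC.findall(uri)) >= 3)
    status = int(m['status'])
    return {'ip': m['ip'], 'status': status, 'probe': hit,
            # a 2xx status would mean the server served something at that path
            'served': hit and 200 <= status < 300}

def summarize(lines):
    """Count probes per source IP and list sources whose probe got a 2xx answer."""
    probes, served = Counter(), []
    for line in lines:
        r = classify(line)
        if r and r['probe']:
            probes[r['ip']] += 1
            if r['served']:
                served.append(r['ip'])
    return probes, served

# Constructed sample lines (documentation IP ranges, shortened payload)
_PAYLOAD = '/default.ida?' + 'X' * 224 + '%u9090%u6858%ucbd3%u7801%u9090=a'
SAMPLE = [
    f'192.0.2.10 - - [03/Jul/2003:17:01:49 +0800] "GET {_PAYLOAD} HTTP/1.0" 404 205 "-" "-"',
    '198.51.100.7 - - [03/Jul/2003:17:02:10 +0800] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"',
    f'192.0.2.10 - - [03/Jul/2003:17:05:12 +0800] "GET {_PAYLOAD} HTTP/1.0" 404 205 "-" "-"',
]

if __name__ == '__main__':
    probes, served = summarize(SAMPLE)
    print('probes per source:', dict(probes))
    print('answered with 2xx:', served or 'none')
```

To run it against a real log, pass the open file object to `summarize()` in place of `SAMPLE`.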