Jens Müller: Seltsamer GET-Request im Apache Log

Beitrag lesen

SELF-Forum

Seltsamer GET-Request im Apache Log

Jens Müller
Informationen zu den Bewertungsregeln

Hallo,

ich habe einen kleinen privaten Webserver mit wechselnden IPs laufen. Heute tauchen im Log des Apaches mehrfach folgende Anforderungen auf:

"GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0"

Ist zar mittlerweile Aufgeklaert, aber ich poste dennoch mal den Artikel
aus der ApacheWeek. Is ne schoene Stelle drin.

IIS vulnerabilities show up in Apache log files

We've received a large number of messages over the last few days
     from system administrators who have seen worrying entries in their
     Apache access logs. The requests look like this:
192.168.2.12 - - [19/Jul/2001:16:55:47 +0100] "GET /default.ida?NNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
  HTTP/1.0" 400 252 -

If you are running Apache there is nothing to worry about, these
     requests are part of the [3]Code Red Worm virus designed to search
     out vulnerable IIS servers running on Windows.

However if you'd like to become vulnerable to attacks such as this,
     Microsoft have a toolkit that will let to migrate from [4]Apache to
     IIS. (Allegedly the last step is append the text "3L33T crew ownz
     you" to the bottom of all your web pages to save the crackers some
     time)

3. http://www.cert.org/advisories/CA-2001-13.html
   4. http://www.microsoft.com/ISN/downloads/migration_toolsp65238.asp

Was mir so gefiehl:

However if you'd like to become vulnerable to attacks such as this

Man soll ja auch Spass bei der Arbeit haben.

gruesse
  jens mueller

Beitrag melden
Informationen zu den Bewertungsregeln
0 18

Seltsamer GET-Request im Apache Log

Thorsten Niederkrome
  • webserver
  1. 0
    Carsten P.
    1. 0
      Sebastian Burkhart
      1. 0
        Thorsten Niederkrome
        1. 0

          Illusiorisch.....Selbst ist der SysAdmin

          Wolfgang Wiese
  2. 0
    Thomas Rupp
    1. 0
      Thorsten Niederkrome
      1. 0
        Reiner
    2. 0

      Code red worm

      Wolfgang Wiese
  3. 0
    Hendrik Bergunde
    1. 0
      Reiner
  4. 0

    SlashDot-Artikel

    Frank Schönmann
    1. 0
      Frank Schönmann
      1. 0
        Frank Schönmann
        1. 0
          Thorsten Niederkrome
  5. 0
    Henryk Plötz
  6. 0
    Jens Müller
  7. 0
    Reiner