
[Security] GET /default.ida?XXXXX....

Discussion in 'Security' started by Radio_Head, Jun 18, 2003.

  1. Radio_Head

    executing

    # tail -15000 /usr/local/apache/logs/access_log | grep 'GET /default.ida?XXXXXXXX' | grep ' 200 ' | cat -n |less


    I found these ....

    1 171.75.67.25 - - [26/May/2003:13:08:53 -0400] "GET /default.ida?XXXXX.... HTTP/1.0" 200 -

    So it seems that someone attempted to install the red worm on my box (http://www.qcn.nl/Subpages/artikelen/redworm.htm).
    Probably my box was not infected, since the Code Red worm propagates with Microsoft IIS Web servers (my box is a Red Hat Linux), but how could it be possible that the hacker received an HTTP/1.0" 200 (200 = OK Successful Client Requests)?

    Thank you
     
  2. Radio_Head

    I have read on another post that these are NT attacks; however, how could you explain the 200 OK?
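
An added example, not part of the original posts: a field-aware version of the log check above that matches only on the request field and reports every status code and response size returned for /default.ida probes, rather than only lines containing ' 200 '. The function names and the sample log lines (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize /default.ida probes in a Common Log Format access log.

# ida_probe_summary LOGFILE
# Prints "count client status bytes", one line per combination, busiest first.
ida_probe_summary() {
    awk -F'"' '
        # Splitting on the double quote: $1 = client and timestamp,
        # $2 = request line, $3 = status code and response size.
        $2 ~ /^GET \/default\.ida\?/ {
            split($1, pre, " ")
            split($3, post, " ")
            seen[pre[1] " " post[1] " " post[2]]++
        }
        END { for (k in seen) print seen[k], k }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample input (not taken from a real server).
make_sample_log() {
    cat <<'EOF'
192.0.2.10 - - [26/May/2003:13:08:53 -0400] "GET /default.ida?XXXXX.... HTTP/1.0" 200 -
192.0.2.10 - - [26/May/2003:13:09:10 -0400] "GET /default.ida?XXXXX.... HTTP/1.0" 200 -
198.51.100.7 - - [26/May/2003:14:01:02 -0400] "GET /default.ida?XXXXX.... HTTP/1.0" 404 283
192.0.2.10 - - [26/May/2003:13:10:00 -0400] "GET /index.html HTTP/1.0" 200 1024
EOF
}

# Run against a real log when a path is given, e.g.:
#   sh ida_probes.sh /usr/local/apache/logs/access_log
if [ -n "${1:-}" ]; then
    ida_probe_summary "$1"
fi
```

The last column is the logged response size, where `-` means no body bytes were sent.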
