[Security] GET /default.ida?XXXXX....

Discussion in 'Security' started by Radio_Head, Jun 18, 2003.

  1. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    343
    Executing

    # tail -15000 /usr/local/apache/logs/access_log | grep 'GET /default.ida?XXXXXXXX' | grep ' 200 ' | cat -n |less


    I found these...

    1 171.75.67.25 - - [26/May/2003:13:08:53 -0400] "GET /default.ida?XXXXX.... HTTP/1.0" 200 -

    So it seems that someone attempted to install red worm on my box (http://www.qcn.nl/Subpages/artikelen/redworm.htm).
    Probably my box was not infected, since the Code Red worm propagates through Microsoft IIS web servers (my box is Red Hat Linux), but how is it possible that the hacker received an HTTP/1.0" 200 (200 = OK, Successful Client Requests)?

    Thank you
     
  2. Radio_Head

    Radio_Head Well-Known Member

    I have read in another post that these are NT attacks; however, how would you explain the 200 OK?

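Added example, not part of the original thread: the `tail | grep` triage from the first post, extended to tally `default.ida` requests by status code and by whether any response body was sent, or by client address. It assumes Apache Common Log Format; the log lines are constructed (documentation-range addresses) and the function names `sample_log` and `ida_tally` are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed sample in Apache Common Log Format (not taken from the thread's server).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [26/May/2003:13:08:53 -0400] "GET /default.ida?XXXXXXXX HTTP/1.0" 200 -
192.0.2.10 - - [26/May/2003:13:09:10 -0400] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 284
198.51.100.7 - - [26/May/2003:14:01:02 -0400] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 284
203.0.113.5 - - [26/May/2003:14:05:00 -0400] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [27/May/2003:02:11:45 -0400] "GET /default.ida?XXXXXXXX HTTP/1.0" 200 1432
EOF
}

# ida_tally MODE  (reads log lines on stdin)
#   MODE=status : one line per "status body|no-body" pair, with a count
#   MODE=client : one line per client address, with a count
# Splitting on the double quote keeps the request line in one field, so the
# status and size are read from what follows it rather than from fixed columns.
ida_tally() {
  awk -F'"' -v mode="$1" '
    { split($1, pre, " "); split($2, req, " "); split($3, res, " ") }
    req[2] ~ /^\/default\.ida(\?|$)/ {
        # In Common Log Format the last field is the response size;
        # "-" means no body bytes were sent.
        body = (res[2] == "-" || res[2] == "0") ? "no-body" : "body"
        key = (mode == "client") ? pre[1] : (res[1] " " body)
        n[key]++
    }
    END { for (k in n) print k, n[k] }' | LC_ALL=C sort
}

# Run against the constructed sample. For a real log, feed the file instead,
# e.g. the path used in the first post: ida_tally status < /usr/local/apache/logs/access_log
echo "By status:"; sample_log | ida_tally status
echo "By client:"; sample_log | ida_tally client
```

A `200` row marked `no-body` separates responses that returned no content from those that served a page, which is the first thing to establish when a probe for a file that does not exist is logged as successful.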