[thelist] Code red?

Jon Haworth evolt at laughing-buddha.net
Sun Jan 27 07:46:01 CST 2002


Hi list,

I'm running Apache on the same box I use as a gateway for my DSL (Win2k
Pro), and I keep getting scanned by (I think) Code red - the requests are
along the lines of:

host217-35-35-139.in-addr.btopenworld.com - - [27/Jan/2002:12:47:57 +0000]
"GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 - "-"
"-"

Results of ipconfig on my ADSL-connected box tell me my IP was
217.35.33.102 at this time, and full scans by Sophos show no virii on any
of my machines.

Is it possible I'm infected with this? Is it coming from someone else in my
ADSL contention group (or whatever it's called)?

I've got onto BT Openworld, but they're usually not much cop, so advice
would be most welcome :-)

Cheers
Jon





More information about the thelist mailing list