[thelist] domain under attack??

Steve Cook steve.cook at evitbe.com
Tue Dec 18 08:19:49 CST 2001


The good news is - it's not hackers (well, most likely not). These log
entries are signs of one or more of the Code Red worms (someone with more
expertise on them will probably tell you which one).

As regards traffic, although there's quite a lot of them, all they are
getting back from their hits is an HTTP 404 header (as the files aren't
found). This *shouldn't* have a significant impact on the performance of
your site.

I doubt that you, or your provider, will be able to do much about it. As
these are worm "hits" they are probably coming from more than one IP
address, so filtering them further upstream at your provider isn't going to
solve the problem.

The numbers you are getting don't seem to be *terribly* high, but it's
difficult to tell without knowing over how long a time those hits were seen.

Unless the hits are causing a noticeable problem on your server I would
probably not worry about it too much. At least as you are running Linux the
worm will not be able to actually find one of the trojan files it is looking
for. If it is causing traffic problems, then talk to your upstream provider
to see what they can do about filtering on cmd.exe (for instance).

Hope this helps.


------------------------------------------
Steve Cook
web strategist
Evitbe AB
031-15 16 17   031-809 365   0703-13 26 31
steve.cook at evitbe.com       www.evitbe.com
------------------------------------------




More information about the thelist mailing list