[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Hacking my Raq4i???
- Subject: Re: [cobalt-security] Hacking my Raq4i???
- From: "Stephen Rice" <support@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 6 Aug 2001 19:50:00 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> This is a piece of my last downloaded log-file from my Raq4i, I have
several
> websites and I've already installed all the patches Cobalt released.
> I am concerned about the following activity logfile display every few
> minutes in several websites. I'm afraid it looks like a systematic attempt
> to break into the server.
It is! It's the Code Red worm or a derivative. However this only affects
Microsoft IIS, and not the Linux/Apache that Raqs use. You're safe to sit
back and watch this one happen. We ourselves have logged about 100 of these
requests over the past 6 days.
If you get bored, you could notify the people running these IP addresses
that there's most likely an executable been installed on their website that
allows anyone root-level access to their webserver!
> I've only copied a sample to minimize email size.
That's quite enough, thankyou :o)
Hope this helps
Stephen