[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Re: cobalt-security digest, Vol 1 #807 - 17 msgs

Subject: [cobalt-security] Re: cobalt-security digest, Vol 1 #807 - 17 msgs
From: Jürgen Rohrbach <juergen.rohrbach@xxxxxxxxxx>
Date: Thu, 20 Jun 2002 17:29:26 +0200
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> Message: 4
> Date: Thu, 20 Jun 2002 01:24:25 -0500
> To: cobalt-security@xxxxxxxxxxxxxxx
> From: David Lucas <david@xxxxxxxxxxxxxxxx>
> Subject: Re: [cobalt-security] misterious logitems
> Reply-To: cobalt-security@xxxxxxxxxxxxxxx
> 
> At 01:08 AM 6/20/2002, you wrote:
>> hello,
>> 
>> in on of my site log files the following logentry appears many many times.
>> 
>> 
>> www.domain.de 218.29.70.241 - - [20/Jun/2002:08:18:39 +0200] "GET
>> http://www.domain.de/cobalt_error/forbidden.html HTTP/1.0" 200 653
>> "http://www.18xm.com"; "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
>> 
>> 
>> Is there a security problem with my box?
>> 
>> Why is the complete url "http://www.domain.de...."; listed in the get field?
>> Normal requests just list the relative path of the url?
>> 
>> How can i stop responding to such requests?
> 
> 
> Turn off your server.
> We can't do much about all the nimda and code red virus' either.  They just
> make log entries.
> 

hello david,

are your sure that this logentry is produced because of the nimda or code
red virus?

thanks,

juergen

Prev by Date: Re: [cobalt-security] Be very careful! BIND patch in RaQ4-All-System-2.0.1-14185.pkg
Next by Date: Re: [cobalt-security] RaQ3 and Apache DoS
Previous by thread: Re: [cobalt-security] Hacked? or another problem?
Next by thread: [cobalt-security] Remove email

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index