[Dshield] Suspect HTTP-activity

John Hardin johnh at aproposretail.com
Fri Jan 23 20:57:29 GMT 2004

On Fri, 2004-01-23 at 10:30, Martin Agren wrote:
> So first of, Hello!

Welcome aboard!

> Below are excerpts from my apache/access.log (I'm running Win2000Pro). I 
> haven't publicly announced my web-server in any way -- I just use it for 
> development of web-code and invite other developers to check it out.

You don't need to announce a server for worms to find it. They try IP
addresses at random.

> Any DShield-like service that collects apache-logs? ;-)

Dshield does some, they are thinking about doing more. I'll let Johannes
fill in the details.

> Are there any known worms that create these requests?


> Should I act in any way?

Make sure your OS patches are current.

John Hardin  KA7OHZ                           
Internal Systems Administrator/Guru               voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
 If you smash a computer to bits with a mallet, that appears to count
 as encryption in the state of Nevada.
                                               - CRYPTO-GRAM 12/2001

More information about the list mailing list