On Thursday 19 July 2001 04:51 pm, you wrote: > On Thu, Jul 19, 2001 at 11:37:13PM +0200, Thomas Eibner wrote: > > On Thu, Jul 19, 2001 at 05:28:52PM -0400, Dan Drake wrote: > > > On Thu, Jul 19, 2001 at 11:23:27PM +0200, Thomas Eibner wrote: > > > > On Thu, Jul 19, 2001 at 09:16:42PM +0000, kblack at isd.net wrote: > > > > > Is anybody else running a firewall > > > > > (and blocking port 80) > > > > > noticing an unusual number of attacks today? > > > > > > Hmmmm. I'm seeing a lot of weird requests for "default.ida" in my > > > logs (I'm running a web server and not blocking port 80). The accesses > > > look weird, too...from a bunch of different IPs. I also have "Malformed > > > HTTP header" (or something like that) in my error log. > > > > 211.236.188.150 - - [19/Jul/2001:23:04:43 +0200] "GET > > /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > >NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > >NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > >NNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u68 > >58%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000 > >%u00=a HTTP/1.0" 400 333 "-" "-" ip44-137.asiaonline.net - - > > [19/Jul/2001:23:12:21 +0200] "GET > > /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > >NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > >NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > >NNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u68 > >58%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000 > >%u00=a HTTP/1.0" 400 333 "-" "-" 212.113.168.95 - - [19/Jul/2001:23:32:21 > > +0200] "GET > > /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > >NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > >NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > >NNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u68 > >58%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000 > >%u00=a HTTP/1.0" 400 333 "-" "-" > > > > Like these I take it? > > The same here from these guys... > > 213.26.234.70 > 209.223.50.51 > 207.101.212.130 > 212.163.165.26 > 65.3.198.239 > 198.145.154.193 > 211.62.36.37 > 211.172.225.63 > 202.123.80.2 > 150.164.98.130 > 24.184.153.172 > 133.66.35.7 > 62.49.221.130 > 210.160.177.165 > 12.76.115.253 > 149.169.25.4 > 193.183.19.90 > 66.46.75.98 I could add my own list..... Just proves how vulnerable windoze is. This is the last straw for me and my win server. Now I begin the uphill trek of migrating everything web related off my last windoze box and onto my linux server. (Newbie, been with linux for only a few short months) -Kevin > > florin