Munir Nassar <nassarmu at redconcepts.net> wrote: > > For a couple of days now i have been getting wierd errors in my Apache > logs, mostly people doing a GET /dir/cmd.exe, or root.exe Just a few days? What corner of the Internet are you hiding in? I want to go there so I don't have other people chewing up my bandwidth ;-) Most folks have been getting stuff like that for months. It's become the background radiation of the Internet. It also means that you *cannot* install IIS while a host is connected to the Internet. It doesn't take long at all for a new host to get > don't these people check the server strings? I may be inexperienced but i > am not brain dead enough to run IIS. or just even plain windows. Naw, that'd be too nice! The guys who wrote these worms just wanted them to spread as fast as possible. They just didn't worry about what would happen if they came across a non-vulnerable system. Therefore, one of the more interesting things to do would be to get a `tarpit' program that will allow the remote host to open a connection, but then won't send any other data. The infected host will (hopefully) get slowed down by this. -- _ _ _ _ _ ___ _ _ _ ___ _ _ __ Error 008: Remove aluminum / \/ \(_)| ' // ._\ / - \(_)/ ./| ' /(__ foil, remote control \_||_/|_||_|_\\___/ \_-_/|_|\__\|_|_\ __) devices and spleen. [ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088 at tc.umn.edu ] -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20020223/eb0ad851/attachment.pgp