07 August 2001 - 17:07
There are 11 comments and 1 solution
Analog webstat and IIS log file
I run IIS5 on an Adv. Server.. and have noticed that requests are being made for the file below, which does NOT exist... What kind of file is it?? At first glance it looks as if someone is trying to get in???
When trying to open the file I get the following result: The IDQ file default.ida could not be found.
And when searching for .ida I found this: Fast-Spreading Worm Exploits Microsoft IIS Flaw
A new worm that targets vulnerability in Microsoft's Internet Information Services (IIS) Web server software appears to be spreading quickly, say experts at eEye Digital Security.
The firm, based here, says it spotted the worm after analyzing packet logs and information it received Friday from two network administrators whose systems were attacked.
"This thing is big. A lot of systems are being infected," says Marc Maiffret, chief hacking officer at eEye Digital Security. "We've already heard numbers of at least in the 5,000 range over a three-day period, and that was two days ago."
Dubbed .ida "Code Red," the worm exploits a vulnerability in the indexing services within IIS that makes it susceptible to buffer overflow attacks. Engineers at eEye Digital Security issued a warning about the vulnerability on June 18.
Systems running Windows NT 4.0 with IIS 4.0 or IIS 5.0 enabled, Windows 2000 Professional, Server, Advanced Server and Datacenter Server, and beta versions of Windows XP are affected.
After infecting an IIS Web server, the worm generates a list of 100 random IP addresses to scan for new IIS servers to infect, Maiffret says. It also defaces Web pages with the message "Hacked by Chinese!" he says.
Because the worm uses the same seed for "randomization" of IP addresses, each new infected host will start scanning at the same IP address, resulting in hosts that are at the beginning of the list getting bombarded, he says. That creates the potential for denial-of-service attacks against those hosts, he says.
"This is a pretty good wake-up call for people to realize they need to stay up-to-date on patches," Maiffret says.
Microsoft last month issued patches for Windows NT 4.0, as well as Windows 2000 Professional, Server and Advanced Server and advised users of Windows 2000 Datacenter Server software to contact their OEM because those patches are hardware-specific.
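Added example, not part of the original thread: a Python sketch that scans an IIS W3C extended log for the kind of request described above, that is, hits on Indexing Service stems (.ida/.idq) that carry an unusually long query string, and counts them per client IP. The sample log lines, the field set and the 100-character threshold are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample in IIS W3C extended log format (not taken from the thread).
# The long query is filler text standing in for an oversized request.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-08-07 15:01:12 192.0.2.10 GET /index.htm - 200
2001-08-07 15:02:40 198.51.100.7 GET /default.ida LONGQ 404
2001-08-07 15:03:05 198.51.100.7 GET /Default.IDA LONGQ 404
2001-08-07 15:04:19 203.0.113.55 GET /search.idq q=test 200
""".replace("LONGQ", "X" * 240)

INDEX_EXTS = (".ida", ".idq")  # Indexing Service script mappings
MAX_QUERY = 100                # assumed threshold, tune for your own site


def parse_w3c(text):
    """Yield one dict per log entry, keyed by the active #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # the directive may change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or corrupt lines
                yield dict(zip(fields, values))


def suspicious_hits(text, max_query=MAX_QUERY):
    """Return entries that request .ida/.idq with an oversized query string."""
    hits = []
    for rec in parse_w3c(text):
        stem = rec.get("cs-uri-stem", "").lower()
        query = rec.get("cs-uri-query", "-")
        if stem.endswith(INDEX_EXTS) and len(query) > max_query:
            hits.append(rec)
    return hits


def hits_by_client(text):
    """Count suspicious requests per source address."""
    return Counter(rec["c-ip"] for rec in suspicious_hits(text))


if __name__ == "__main__":
    for ip, count in hits_by_client(SAMPLE_LOG).most_common():
        print(ip, count)
```

A hit in the log shows that the server was probed, not that it was compromised; whether the request could succeed depends on whether the patch mentioned in the article is installed.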
A typical sign that you are infected is that your server shows a page that says 'Hacked by Chinese' and then a URL to some page or other, I think it is worm.com
Don't know, but it's probably an encrypted way for the virus to wreck your server??