What is this? (IIS log) - Level Extreme

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

What is this? (IIS log)

Message

From

02/09/2003 09:57:36

Randy Rinker
Integrity Data
Reading, Pennsylvania, United States

30/08/2003 13:58:51

David Frankenbach
Austin, Texas, United States

General information

Forum:

Visual FoxPro

Category:

Other

Title:

Re: What is this? (IIS log)

Miscellaneous

Thread ID:

00824712

Message ID:

00825295

Views:

Check on the IP though. Back when Code Red was running rampant I had attempts from 4 different IP's (I had the patch installed long before the outbreak). I traced those back and sent emails to the administrators at the ISPs involved and for the 3 that originated in the US, got the attacks stopped. The 4th was registered in Mexico and I don't speak or write Spanish.

Randy

>Oscar,
>
>You might want to goto this site and check for more info http://www.microsoft.com/security/
>
>Most of our servers here are seeing the same IIS log entries every few minutes. One of the other developers said though that he thinks the IP address in the request is spoofed so it's not displaying the real attacker.
>
>>After some research, I think it is some exploit of the WebDav vulnerability, but it seems widespread and I have not found any specific info. Before applying the MS WebDav patch, it crashed the server many times a day. After the patch, it does not crash anymore. But it must be a worm, I have been seeing it for some days now and do not know what it does.

Map

View

Click here to load this message in the networking platform