Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
 
For 2023 (and 2024 ...) - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatability most of our examples remain operational and even relevant ad you are welcome to make us if them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other area and still look after a lot of web sites - you can find an index ((here))
Is your Web Server under attack?

Please note - this page is archived. The information is still relevant, but new viruses are popping up all the time and we suggest that you check with a web site that specialises in such subjects if you're looking for more than a quick read.

Do you run a web server? Do you check your access log files from time to time to see who's been visiting and which pages are popular, or to check for broken links?

If you find that you've got visitors looking for /default.ida (followed by a long string of other text in the URL), then you're under attack from the Code Red 2 worm.

Code Red 2 attacks Windows 2000 systems running IIS; once it enters via /default.ida (there's a security hole there) it will in turn start attacking other servers from your system.

Code Red doesn't actually check which server it's attacking, so even if you run Apache, you'll most likely see it appearing in your logs. It doesn't do any harm on Apache or other servers - it's really just an irritant. There's an Apache Module available - Apache::CodeRed - which will intercept requests for the default.ida page, will determine the name of the host computer attacking, and will send a warning email to the administrator there.

If you're running IIS, of course, you'll want to get the patch from Microsoft now - even if you've not been attacked yet.



Please note that articles in this section of our web site were current and correct to the best of our ability when published, but by the nature of our business may go out of date quite quickly. The quoting of a price, contract term or any other information in this area of our website is NOT an offer to supply now on those terms - please check back via our main web site

Related Material

Other - books

resource index - Archive
Solutions centre home page

You'll find shorter technical items at The Horse's Mouth and delegate's questions answered at the Opentalk forum.

At Well House Consultants, we provide training courses on subjects such as Ruby, Lua, Perl, Python, Linux, C, C++, Tcl/Tk, Tomcat, PHP and MySQL. We're asked (and answer) many questions, and answers to those which are of general interest are published in this area of our site.

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2024: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 793803 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho

PAGE: http://www.wellho.net/solutions/archived ... ttack.html • PAGE BUILT: Wed Mar 28 07:47:11 2012 • BUILD SYSTEM: wizard