Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
 
Python and Tcl - public course schedule [here]
Private courses on your site - see [here]
Please ask about maintenance training for Perl, PHP, Lua, etc
 
Is your Web Server under attack?

Please note - this page is archived. The information is still relevant, but new viruses are popping up all the time and we suggest that you check with a web site that specialises in such subjects if you're looking for more than a quick read.

Do you run a web server? Do you check your access log files from time to time to see who's been visiting and which pages are popular, or to check for broken links?

If you find that you've got visitors looking for /default.ida (followed by a long string of other text in the URL), then you're under attack from the Code Red 2 worm.

Code Red 2 attacks Windows 2000 systems running IIS; once it enters via /default.ida (there's a security hole there) it will in turn start attacking other servers from your system.

Code Red doesn't actually check which server it's attacking, so even if you run Apache, you'll most likely see it appearing in your logs. It doesn't do any harm on Apache or other servers - it's really just an irritant. There's an Apache Module available - Apache::CodeRed - which will intercept requests for the default.ida page, will determine the name of the host computer attacking, and will send a warning email to the administrator there.

If you're running IIS, of course, you'll want to get the patch from Microsoft now - even if you've not been attacked yet.



Please note that articles in this section of our web site were current and correct to the best of our ability when published, but by the nature of our business may go out of date quite quickly. The quoting of a price, contract term or any other information in this area of our website is NOT an offer to supply now on those terms - please check back via our main web site

Related Material

Other - books
  [] - ()

resource index - Archive
Solutions centre home page

You'll find shorter technical items at The Horse's Mouth and delegate's questions answered at the Opentalk forum.

At Well House Consultants, we provide training courses on subjects such as Ruby, Lua, Perl, Python, Linux, C, C++, Tcl/Tk, Tomcat, PHP and MySQL. We're asked (and answer) many questions, and answers to those which are of general interest are published in this area of our site.

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2019: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01225 708225 • FAX: 01225 793803 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho

PAGE: http://www.wellho.net/solutions/archived ... ttack.html • PAGE BUILT: Wed Mar 28 07:47:11 2012 • BUILD SYSTEM: wizard