255c Winnt System32 Cmd Exe C Dir
Posted: admin on 15.01.2020

Lol, when I first read this I was gonna say... you must not get a lot of attacks, I don't have 2 hours a day just for logging IPs and then adding them to /etc/hosts.deny! Looks like you don't either. I wish ISPs or traffic aggregates would actually do something about the host networks for the machines that are STILL running these f&.^$@g code red variants. You know I have probably sent a hundred or so emails to various addresses for different problems with attacks or scanners/viruses and have never ONCE gotten a reply.
Just this weekend one of my mail servers got bombed by a spam email server in Germany. I mean, all relaying is denied but this damned box would not stop. It chaps my hide that I have to start creating iptables rules because of losers like that.

fishsponge 10:03 AM
Failures Report

File    Requests    Percentage
/scripts/.%255c./winnt/system32/cmd.exe    108    8.169%
/scripts/.%255c./winnt/system32/cmd.exe?/c+dir    108    8.169%
/scripts/.%5c./winnt/system32/cmd.exe    91    6.884%
/scripts/.%5c./winnt/system32/cmd.exe?/c+dir    91    6.884%
/default.ida    70    5.295%
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN.    70    5.295%
/scripts/root.exe    67    5.068%
/scripts/root.exe?/c+dir    67    5.068%
/MSADC/root.exe    65    4.917%
/MSADC/root.exe?/c+dir    65    4.917%
/c/winnt/system32/cmd.exe    65    4.917%
/c/winnt/system32/cmd.exe?/c+dir    65    4.917%
/d/winnt/system32/cmd.exe    63    4.766%
/d/winnt/system32/cmd.exe?/c+dir    63    4.766%
/membin/.%255c./.%255c./.%255c./winnt/system32/cmd.e.    52    3.933%
/membin/.%255c./.%255c./.%255c./winnt/system32/cmd.e.    52    3.933%
/msadc/.%255c./.%255c./.%255c/.%c1%1c./.%c1%1c./.%.    50    3.782%
/msadc/.%255c./.%255c./.%255c/.%c1%1c./.%c1%1c./.%.

If you have been monitoring your web log files (or web statistics for that matter) recently, you would undoubtedly have noticed the sudden flood of requests for a certain 'default.ida' file located in your main web directory. This is what has happened to one of my sites, thefreecountry.com, where my delight at the traffic increase turned to dismay when I realised the source of the increase in traffic.

This request for the default.ida file is actually the result of the Code Red II worm (or as some call it, the Code Red II Virus) having infected some other web server on the Internet, and attempting to infect the web server running your site.


The worm requests the default.ida file because, on Microsoft's IIS web server running on Windows NT and 2000, the request may take advantage of a vulnerability in that server, allowing the worm to infect it.

Note that it does not matter what operating system your site is running on. As long as there are infected Microsoft IIS web servers somewhere on the Internet, there is a chance that your site will be targeted. Of course, if you are not running a Microsoft web server on a Microsoft operating system, you need not worry that your server will be infected. However, there are nonetheless steps that you may wish to take in the wake of these attacks. I will deal with the two situations of your site running on an IIS web server and an Apache (or other) web server separately.
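An added example, not part of the original article: a Python log check that finds the default.ida and cmd.exe/root.exe requests described above and tallies them per source address, decoding %255c-style double encoding before matching. The log lines, addresses, labels and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# Constructed sample lines in Common Log Format (documentation-range addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [15/Jan/2020:10:03:01 +0000] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 205
192.0.2.10 - - [15/Jan/2020:10:03:02 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210
198.51.100.7 - - [15/Jan/2020:10:04:10 +0000] "GET /scripts/.%255c./winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 230
198.51.100.7 - - [15/Jan/2020:10:04:11 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 212
203.0.113.5 - - [15/Jan/2020:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [15/Jan/2020:10:05:03 +0000] "GET /docs/cmd.exe-history.html HTTP/1.1" 200 900
"""

# Captures the client address and the request target of each log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)')

def normalize(target, max_rounds=3):
    """Drop the query string, percent-decode repeatedly, unify slashes, lowercase."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):  # %255c -> %5c -> backslash
        path = unquote(path)
    return path.replace("\\", "/").lower()

def classify(target):
    """Return a probe label for a request target, or None for ordinary traffic."""
    name = normalize(target).rsplit("/", 1)[-1]  # final path component only
    if name == "default.ida":
        return "default.ida (Code Red II)"
    if name in ("cmd.exe", "root.exe"):
        return "cmd.exe/root.exe probe"
    return None

def scan(log_text):
    """Tally probe requests per label and per source address."""
    by_label, by_source = Counter(), defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        source, target = m.groups()
        label = classify(target)
        if label:
            by_label[label] += 1
            by_source[source][label] += 1
    return by_label, by_source

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Matching on the decoded final path component keeps an ordinary page such as /docs/cmd.exe-history.html out of the tally while still catching the encoded variants listed in the failures report.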