[Webdev] Weird SSL logs
ocalladw at tcd.ie
Tue Aug 28 11:13:50 IST 2001
On Tue, Aug 28, 2001 at 10:53:16AM -0400, AJ McKee wrote:
> Should have read the advisory this morning before I sent it. Thooough thanks.
> It is a good thing that it is running APACHE however I can forsee one
> problem. One box's when diskspace is limited this could be a problem. As it
> fills the logs really really quicky. And it has a certain annonace factor as
> well as the logs have to be "cleaned" now ;-(
> However http://www.linuxbrit.co.uk/index.php?date=20010809 which someone sent
> me is quite funny however I don't think it is legal? Not too sure on that one.
> I would presume that it would be "reasonnable" for you to take steps in order
> to prevent the attack of your box, however does shuting down the offending
> box result in anouther offence being commited? Or is it reasonable self
> defence in a sense.
Hmmm. Seems fairly reasonable to me. At this stage, a box infected
with Code Red has to be under the control of someone without a clue.
I'd guess that most of them are ADSL lamers in the States or similar.
Either that or Microsoft themselves:
So by shutting down the IIS server that they probably forgot was running,
or have been too lazy to patch, you're doing us all a favour!
Then again, as with all IIS patches, the server has to be rebooted, so
that may be stopping people applying the patch when it is needed. I'd
imagine that's what got Microsoft.
More information about the Webdev