Nimda or some other virus..
Dec 15th 2001 | #23455
Member since: May 24th 2001 Posts: 358
My home server keeps getting spammed by servers that have caught a virus and are looking for others to pass it on (or something). I get them in bursts every.. hour or so and they typically look like this.

64.180.148.114 localhost - [14/Dec/2001:23:40:46 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 868 "" ""
Error reading "C:\HTTPD\HTDOCS\scripts\..S5c..\winnt\system32\cmd.exe" - The system cannot find the path specified.
64.180.148.114 localhost - [14/Dec/2001:23:40:45 -

Except about 50 times more attempts. Any idea what the hell is going on or how I can stop it? I'm running omnihttp by omnicrom.ca on a win98 box with php4 installed on an adsl line. The firewall I use is zonealarm.
Dec 15th 2001 | #23457
Member since: Mar 20th 2001 Posts: 3367
Get antivirus software? Format your hard disk? Don't open any more emails? Don't switch on your PC? Don't touch yourself so no virus will attack you?
Dec 15th 2001 | #23459
Member since: May 24th 2001 Posts: 358
Eh? The problem isn't with my computer, it's with others scanning me constantly.
Dec 16th 2001 | #23554
Member since: Mar 24th 2001 Posts: 3734
#1) Yes, that is Nimda. Well, you are running a web server then? Are you running PWS? If so, check for updates. If you are just running something that allows you to run PHP stuff on there, look for security updates through the provider of the software. Also, make sure that your default web directory is NOT located on your C: drive. If you put it on an extended partition or a different volume, then you don't have to worry about anything. Also, if your software allows you to, install a free 3rd party software program such as URLScan to ensure that nobody can send such requests to your web server. Do a little research on what Nimda can do to the configuration that you have running, and you'll come up with 1,000 answers.
Dec 16th 2001 | #23568
Member since: Mar 18th 2001 Posts: 1690
[QUOTE]64.180.148.114 localhost - [14/Dec/2001:23:40:46 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 868 "" ""[/QUOTE]
If that is the error message you are getting on YOUR server's error log, then YOU yourself have been infected by this virus. Patch your webserver. Patch your server's operating system. Get virus updates. Remove your computer from the network, scan for viruses. Keep scanning until none are found and all are fixed.
Dec 16th 2001 | #23577
Member since: Mar 24th 2001 Posts: 3734
That exact line there does not say whether he is infected or not. That line there is the request that an infected machine is sending to his machine.
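The request quoted in this thread hides a `..\` traversal behind two layers of percent-encoding: `%%35%63` decodes to `%5c`, which decodes to `\`. The following is an added example, not code from any poster: it decodes request paths until they stop changing, flags traversal probes, and counts them per source address. The sample lines are constructed (documentation IP addresses) in the log layout quoted above, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in the access-log layout quoted in the thread.
# 192.0.2.x and 198.51.100.x are documentation addresses, not real hosts.
SAMPLE_LOG = """\
192.0.2.10 localhost - [14/Dec/2001:23:40:46 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 868 "" ""
192.0.2.10 localhost - [14/Dec/2001:23:40:47 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 868 "" ""
198.51.100.7 localhost - [14/Dec/2001:23:41:02 -0800] "GET /index.php?page=news HTTP/1.0" 200 5120 "" ""
"""

LINE_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def decode_fully(path, max_rounds=5):
    """Percent-decode until the string stops changing; return (text, rounds)."""
    for rounds in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            return path, rounds
        path = decoded
    return path, max_rounds

def classify(line):
    """Return details for a traversal probe, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path, rounds = decode_fully(m["target"].split("?", 1)[0])
    segments = path.replace("\\", "/").lower().split("/")
    if ".." not in segments:
        return None
    status = int(m["status"])
    return {
        "source": m["src"],
        "decoded_path": path,
        "decode_rounds": rounds,  # 2 or more: the traversal was double-encoded
        "shell_target": segments[-1] == "cmd.exe",
        # 4xx: this server could not find or refused the path, as in the thread
        "outcome": "rejected" if 400 <= status < 500 else "investigate",
    }

def summarize(log_text):
    """Count traversal probes per source address."""
    counts = {}
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            counts[hit["source"]] = counts.get(hit["source"], 0) + 1
    return counts
```
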