[olug] Is this a virus?
Phil Brutsche
phil at brutsche.us
Tue May 21 18:47:12 UTC 2002
Jonathan Warren wrote:
> I am getting these in my access.log. Any suggestions on how to shut up the offending servers?
Well...
1) Ignore him - that's Code Red/Nimda/IIS worm of the week, and this is
a Linux box it's futilely trying to infect
2) Firewall 'im off with iptables or ipchains or pfctl or ipf or ipfw or
... (whatever is appropriate for your environment)
Actually shutting him down can be anything ranging from a wild goose
chase to downright illegal. First thing to do is report him to
abuse at cox.net (or whatever the appropriate address is) - 68.13.41.165 is
in Cox's residential service address block. Trying to report him is
the "wild goose chase" part :)
Phil
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
For help contact olug-help at olug.org - run by ezmlm
to unsubscribe, send mail to olug-unsubscribe at olug.org
or `mail olug-unsubscribe at olug.org < /dev/null`
(c)1998-2002 OLUG http://www.olug.org
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
More information about the OLUG
mailing list