Forum OpenACS Q&A: log question

Collapse
1: log question
Posted by Pavel Boghita on 08/05/03 10:17 AM
81.5.210.39 - - [05/Aug/2003:07:14:39 +0100] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 404 538 "" ""

I keep getting similar entries in the site.log. Is this something I need to worry about ?
Would anyone be kind enough to tell me what it means ?

Thanks.

Collapse
2: Re: log question (response to 1)
Posted by Pavel Boghita on 08/05/03 10:21 AM
sorry please ignore the above. It would have helped to do a google search on this before posting...
Collapse
3: Re: log question (response to 1)
Posted by Pavel Boghita on 08/05/03 10:23 AM
and in case anyone else is interested:
http://www.thesitewizard.com/news/coderediiworm.shtml
Collapse
4: Re: log question (response to 1)
Posted by James Harris on 08/06/03 05:35 AM

If you keep an eye on your logs you will often see strange request strings like the above. 99 times out of 100 they are compromised IIS servers and nothing to worry about for *NIX admins.