[ic] Ok, Help!! (10 days now)

Robert Brandtjen interchange-users@icdevgroup.org
Wed Aug 21 21:38:03 2002


On Wednesday 21 August 2002 08:19 pm, Brian wrote:
> Actually, those are attempted attacks from infected Microsoft machines.
>
>
> I'd guess that there's something wrong with the cgi-bin part of your
> setup, such as file permissions on the cgi-bin or the foundation (vlink=
)
> in your cgi-bin.  It should normally at least take a while then complai=
n
> about the interchange server being offline or something like that.

It's true that they are infected machines, (nimda virus, code red) but th=
e log=20
entry is normal for that type of entry from the httpd error log, they alw=
ays=20
look like that.

I used to have, but lost, a neat little script (lost and never duplicated=
=20
since it may have been somewhat illegal) that would (since these infected=
=20
machines are essentially rooted) gain the users email addy (if it was=20
available) send them a note telling them their machine had been shutdown=20
since it was infected with the virus, gave them a link to gain more info =
and=20
then, of course, shut it down.

Most of the infect machines out there today (I hope) are kids with a pria=
te=20
version of win2k and havent a clue as to why their cable modem is so busy=
=2E
--=20
 Robert Brandtjen
 --------------------------------------
 Web Site Creation and Hosting Services
 Hostmaster@prometheusmedia.com
 www.prometheusmedia.com