Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
that's just code red / blue trying to attack M$'s IIS server. Every running apache in the world probably logs at least 5 of those attacks every single day.
i've had at least 12 so far today. i'd guess some prominent servers get literally thuosands every day at the moment.
Damn. Okay, third try.
I'm actually running Apache via Windows until I get my other computer working and Apache set up under linux on this comp. And in the 3 days since it went online, there have been no reports of the virus.
hi,
let me tell u that my apache access.log contains so many of these lines .. . bluecadet said he had 12 so far .. does each line in the log file indicate an attack?or a bunch of lines ....?how do u get that..
Yes Anoop_chandran, each complete line represents one request made to that server, so each line can be considered an attack.
An IP address can be a spoofed address or a compromised host (human or by worm) or if they're stupid, their real addy.
If you wanted to do The Good Thing you could fire off a warning message to their upstream provider notifying them of the intrusion attempts.
Just don't expect any replies, cuz the adm staff usually is too busy doin Other Important Things, and since those stupid wintendo firewalls started making automated attack notifications noone (at ISP's) really bothers with them.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.