Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
What's all this about? It looks to me like someone thinks I am running an NT server and they are trying to crack in. Is this correct? What should I do about it?
I also have seen that second one in my logs. I assumed just by the looks of it that it was some sort or hack, but at least now I know that I don't have to worry about it.
It is of course annoying though. I hope catalyst4000 gets an answer on how to block this, I would like to configure my server to ignore this type of thing.
might not be a bad idea to tracert or whois the IP and send the domain an e-mail informing them that their crappy M$ IIS server is infected and attempted to infect your web server.
be a bit more polite then that, but you get the point. also copy/paste the log entry for them so they can see the details and can verify it at their end. well let me clerify that. they will at least have the information to verify it, but as they are infected by a virus that has had a fix out for well over a year they are probably to dumb to konw what to do about it. but at least they have been notified.
you could also just add their IP to your -J DROP in your iptables rules if you really want to be cruel about it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.