Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

HOW TO MANAGE LOG FILES (AND STATISTICS) CORRUPTED BY WORMS ATTACKS ?

attacks corrupted files log manage statistics worms
0
Posted

HOW TO MANAGE LOG FILES (AND STATISTICS) CORRUPTED BY WORMS ATTACKS ?

0 CommentsAdd a Comment

1 Answer

0

PROBLEM: My site is attacked by some worms viruses (like Nimba, Code Red…). This make my log file corrupted and full of 404 errors. So my statistics are also full of 404 errors. This make AWStats slower and my history files very large. Can I do something to avoid this ? SOLUTION: Yes. ‘Worms’ attacks are infected browsers, robots or server changed into web client that make hits on your site using a very long unknown URL like this one: /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%40%50…%40%50 URL is generated by the infected robot and the purpose is to exploit a vulnerability of the web server (In most cases, only IIS is vulnerable). With such attacks, you will will always find a ‘common string’ in those URLs. For example, with Code Red worm, there is always default.ida in the URL string. Some other worms send URLs with cmd.exe in it. With 6.

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.