What is the .ida file extension, and why is someone looking for it at my server?

Nov 15th, 2001 17:21
Anthony Boyd, blue rose,


You probably saw requests like this:

default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Well, that is the Code Red virus, trying to break into your server. Code Red was very indiscriminate -- it would try to find that file on any Web server, even though only IIS servers could be hacked by it.

What was happening was that Code Red had broken into some clueless person's computer. It then used that clueless person's computer to attempt to break into your computer. You are not clueless; you are running Apache. So the attack did nothing to you.

If you had been clueless, that string of X's (or N's) would be Code Red's attempt to overflow the buffer of the default.ida file, which typically is available on IIS servers. Once the buffer was overflowed, Code Red would be able to infect the computer running IIS. Finally, at pre-scheduled dates, all the infected computers on the Internet would attempt a DoS attack on the White House Web site. DoS = Denial of Service (basically, flooding the White House Web site with bogus requests).
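
A log check for the probes described above, as an added example that is not part of the original entry: it scans Apache access-log lines for default.ida? followed by a long run of X or N filler and counts hits per source address. The log lines, addresses, the 20-character threshold and the function names are constructed assumptions.

```python
import re
from collections import Counter

# Apache common/combined log format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)
# default.ida? followed by 20+ repeats of one filler letter (X or N).
# The threshold of 20 is an assumption chosen to skip short, legitimate query strings.
PROBE_RE = re.compile(r'/default\.ida\?(?P<fill>([XN])\2{19,})', re.IGNORECASE)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Nov/2001:17:02:11 -0800] "GET /index.html HTTP/1.0" 200 2326',
    '198.51.100.7 - - [15/Nov/2001:17:03:40 -0800] "GET /default.ida?' + "X" * 47 + ' HTTP/1.0" 404 283',
    '203.0.113.25 - - [15/Nov/2001:17:05:02 -0800] "GET /default.ida?' + "N" * 60 + ' HTTP/1.0" 404 283',
    '198.51.100.7 - - [15/Nov/2001:17:09:13 -0800] "GET /default.ida?' + "X" * 47 + ' HTTP/1.0" 404 283',
    '192.0.2.10 - - [15/Nov/2001:17:10:00 -0800] "GET /docs/default.idaho.html?XX HTTP/1.0" 200 512',
    "garbage line that is not in access-log format",
]

def find_probes(lines):
    """Return one record per log line whose request matches the probe pattern."""
    probes = []
    for line in lines:
        entry = LOG_RE.match(line)
        if not entry:
            continue  # not an access-log line; skip rather than fail
        hit = PROBE_RE.search(entry["request"])
        if hit:
            fill = hit["fill"]
            probes.append({"host": entry["host"], "time": entry["time"],
                           "status": int(entry["status"]),
                           "fill_char": fill[0].upper(), "fill_len": len(fill)})
    return probes

def probes_by_host(probes):
    """Count probe requests per source address."""
    return Counter(p["host"] for p in probes)

if __name__ == "__main__":
    found = find_probes(SAMPLE_LOG)
    for host, count in probes_by_host(found).most_common():
        print(f"{host}: {count} probe(s)")
    # On Apache these should be error responses; a 2xx status deserves a closer look.
    print("non-error responses:", [p for p in found if p["status"] < 400])
```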