Hi,
I can only say that, stuff like that used to happen to me alot in the past, all because of MS service packs and security patches..
My question is: have you applied any service pack, specially SP2 and any patch?
If so, there could be your problem..
NightWatcher
I don't have the patch, neither will I install it.
MS patches are only good to screw my system up.
I have reinstalled Win2KServer many times over in the past because of those patches and service packs, so, on my last reinstallation I choose, a, no patch policy and the server runs fine ever...
I don't have the patch, neither will I install it.
MS patches are only good to screw my system up.
I have reinstalled Win2KServer many times over in the past because of those patches and service packs, so, on my last reinstallation I choose, a, no patch policy and the server runs fine ever...
Thanks, that was fast.. :-)
Yeah, isn't CODE RED the one that changes the 'default.htm' to something like 'hacked by chinese'??
I think so, at least that's what most pages about CODE RED say.. Anyway, I have restarted the server, which I think will remove the worm from memory..
Correct me if...
Hi..
I have just been visited by a worm, am I infected?
The following are the log lines of the strange visit:
2001-08-01 13:44:07 208.36.124.212 - 0.0.0.0 80 GET /default.ida...
Hi..
I have just been visited by a worm, am I infected?
The following are the log lines of the strange visit:
2001-08-01 13:44:07 208.36.124.212 - 0.0.0.0 80 GET /default.ida...
Thanks.
I have just been visited by a WORM, can anyone tell me what the log is saying:
2001-08-01 13:44:07 208.36.124.212 - 0.0.0.0 80 GET /default.ida...
Thanks..
Yes, those were the only strange lines in the log.
I have not and will not apply any MS patches, as they screw my system up, and I don't want to reinstall Win2KServer again. I also know that some people are imune to the side effects of those patches, so as a generalized rule the best...
If I set my clock forward 1 hour, then everything else would have the wrong times in the logs, FTP server, rendering server, Peer to Peer hub server, all operates from the same machine, not to mention the system time, that would be wrong, event viewer and all that.. I find it very strange that...
Very well, mine says: (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London and is set to automatically adjust clock..
So why is my IIS logs with less one hour?
NightWatcher
Thank you.
You were the first guy that come close to answer the dawm question: "WHY?"..
But still what intrigues me, is that IIS logs everything with exactly one hour less, is my time-out one hour long? I don't think so.. It's not much of a problem, all I have to do, is add one hour...
I can think of 3 things in relation to your problem:
1: A virus.
2: You could have been hacked (it's not unusual for hackers to mess about with the logs, to cover their actions).
3: Someone in your network might have done soemthing, and is trying to cover his tracks by erasing some log...
Never heard any of those terms, maybe it's just my ears..
I'm in the UK, since 1999, and all I know is that over here is GMT.. Where can I check Windows for those things?
Thanks.
NightWatcher
Hello everybody.
Does anyone knows why IIS keeps on logging everything with less one hour?
Let's say that now is 03:00, and I do some action just for it to be logged, then when I go to the logs it shows there, but with 02:00 in the time, what is going on? The time on the server is OK, so how can...
Hello everybody.
Does anyone knows why IIS keeps on logging everything with less one hour?
Let's say that now is 03:00, and I do some action just for it to be logged, then when I go to the logs it shows there, but with 02:00 in the time, what is going on? The time on the server is OK, so how can...
The Red Worm, is the one that changes the default page to '... hacked by chinese' isn't it?
If so, I have no such page modification.
I have just realised, that the logs have a number, by the end of each sentence that denotes the action, and all actions in my case were either denied, or not...
Huumm, from the IUSR_<machine> you should have full control.
Maybe is the SYSTEM that's not present, or not in FULL CONTROL, and because permissions are localized, it's difficult to know where to look for.
Have you applied any security patches and/or SP's?
Do you have any Anti-Virus software...
Okay, I can only comment on the, where to server the pages, based on the requested URL.
After, you have pointed the router to the internal server IP, the router must be able to relay host header information to IIS, so that IIS can server the appropriate pages based on host header information...
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.