In recent weeks, AWStats has shown much "Code Red"-
like activity in its "HTTP Error Codes/404 Not Found"
It would be useful if this kind of activity could be
categorised on a separate page, perhaps with a DNS
lookup of the offending hostnames.
There would probably have to be some configuration
options to allow the format of the requested 'unknown'
page to be recognised as a worm/virus attack rather
than a genuine bad page request, though currently this
shouldn't be too difficult - it's easy to spot the
requests for 'cmd.exe' and 'pages' from
directory 'scripts' or '/d/winnt/system32'.
Log in to post a comment.