TCS - Web Server Eaten By Worms

Web Server Eaten By Worms

by Don Singleton
Tulsa Computer Society
From the August 2001 issue of the I/O Port Newsletter

You may have noticed the TCS website was down for a few days in early August. We were not the only site down. The APCUG website, along with all of the other User Group Websites APCUG hosts were down because of either the Code Red Worm or a related NT Shutdown Worm.

The CodeRed Worm affects Microsoft Index Server 2.0 and the Windows 2000 Indexing service on computers running Microsoft Windows NT 4.0 and Windows 2000 that run IIS 4.0 and 5.0 Web servers. The worm uses a known buffer overflow vulnerability contained in the file Idq.dll.

We knew about this vulnerability from the problems last month and a Microsoft patch for Code Red and another patch for the related NT Shutdown Worm had been installed on two of the three APCUG servers hosted at Online Site Services but for some reason we could not get it to go on the server hosting the web sites (which was the most important one).

Thanks to the assistance of Van Dorsey from Client1st and Robert Morris from Managed Information Systems of Oklahoma I was finally able to get it up by late Friday evening, and will be spending the rest of the weekend getting the other UG WebSites which APCUG hosts back up.

This will delay the generation of the August issue of the I/O Port by a week or more. Sorry about that.



For more information on the Tulsa Computer Society click here




Tulsa Computer Society 8/04/2001
Don Singleton, President