That's the signature of one or another of the virus programs that propogate on the web. I think it's code red. google the GET to find the source. On Tue, 27 May 2003 ratem@censanet.com.br wrote:

Hi,

we had a crash few days ago after an abnormal Linux reboot. I had to recover the Zope 2.3.3 Data.fs using tranalyzer and cut the last transactions from Data.fs using Python until it works. Everything now work fine, except from the strange messages Zope have been logging since then:

200.178.188.7 - - [27/May/2003:13:03:41 -0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 274 "" ""

I know HTTP 400 errors are caused by client bad requests, but this never happened before, and there are many source IPs. I checked them and they are from different hosts, many of them well known.

Any idea?

Thanks in advance,

Rogerio

------------------------------------------------- E-mail enviado pelo Webmail CensaNET http://www.censanet.com.br/webmail

_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )