C55aps10.exe Bombing every hour - Code Red? 
Author Message
 C55aps10.exe Bombing every hour - Code Red?

Has anybody else had this problem?  The app broker does a Dr. Watson
about every hour.  We are only running the 50 user application broker -
the exe not the dll for IIS.  We are not running IIS.  We had the same
problem about 2 weeks ago and  it just went away.  I noticed the thread
on Code Red this morning, but everything there was about using IIS and
the app broker dll.  There have been no changes moved into place on our
production apps in over 4 weeks.  I don't think they are the problem.  I
was wondering if anyone else has had this since Code Red uses port 80
and the app broker is on that port.

--
Kelly Orr
GoldTech Computer Services, Inc.
http://www.*-*-*.com/
478 Pistol Club Road
Easley, South Carolina 29640
864-294-0138 Voice
864-246-1454 Fax



Tue, 20 Jan 2004 04:44:09 GMT  
 C55aps10.exe Bombing every hour - Code Red?
After installing WIN2000 service pack 2, our application broker crashed in
the same timeframe (between 5 minutet to one hour)..
After uninstalling the service pack we are now up and running again.

Poul Hegelund



Quote:
> Has anybody else had this problem?  The app broker does a Dr. Watson
> about every hour.  We are only running the 50 user application broker -
> the exe not the dll for IIS.  We are not running IIS.  We had the same
> problem about 2 weeks ago and  it just went away.  I noticed the thread
> on Code Red this morning, but everything there was about using IIS and
> the app broker dll.  There have been no changes moved into place on our
> production apps in over 4 weeks.  I don't think they are the problem.  I
> was wondering if anyone else has had this since Code Red uses port 80
> and the app broker is on that port.

> --
> Kelly Orr
> GoldTech Computer Services, Inc.
> http://www.goldtechservices.com
> 478 Pistol Club Road
> Easley, South Carolina 29640
> 864-294-0138 Voice
> 864-246-1454 Fax



Tue, 20 Jan 2004 16:33:19 GMT  
 C55aps10.exe Bombing every hour - Code Red?
Kelly,

We have justed started using the 50 user application exe broker
and we have exactly the same problem. I have sent emails to
softvelocity and our UK supplier but have not yet had a reply.

The 10 user that we had before seemed to work ok.

I was just about to post on this site when i saw your message.

Please help someone. This is causing us loads of grief. We have
loaded the microsoft code red patches. We have the same
problem on our NT server and 2000 server.

Bob


Quote:
> Has anybody else had this problem?  The app broker does a Dr. Watson
> about every hour.  We are only running the 50 user application broker -
> the exe not the dll for IIS.  We are not running IIS.  We had the same
> problem about 2 weeks ago and  it just went away.  I noticed the thread
> on Code Red this morning, but everything there was about using IIS and
> the app broker dll.  There have been no changes moved into place on our
> production apps in over 4 weeks.  I don't think they are the problem.  I
> was wondering if anyone else has had this since Code Red uses port 80
> and the app broker is on that port.

> --
> Kelly Orr
> GoldTech Computer Services, Inc.
> http://www.goldtechservices.com
> 478 Pistol Club Road
> Easley, South Carolina 29640
> 864-294-0138 Voice
> 864-246-1454 Fax



Tue, 20 Jan 2004 19:15:02 GMT  
 C55aps10.exe Bombing every hour - Code Red?
Rob,

For right now, we have just been restarting the broker.  I don't think the
problem is Softvelocity's, however, they may be able to fix it.  I saw where
the what the Code Red worm uses to get in is a buffer overrun.  That is
probably what is crashing the broker.  Have you tried using a port other than
80?  Since that is the default for HTTP servers, will someone be able to
access it without specifically adding the port to the request?

Quote:

> Kelly,

> We have justed started using the 50 user application exe broker
> and we have exactly the same problem. I have sent emails to
> softvelocity and our UK supplier but have not yet had a reply.

> The 10 user that we had before seemed to work ok.

> I was just about to post on this site when i saw your message.

> Please help someone. This is causing us loads of grief. We have
> loaded the microsoft code red patches. We have the same
> problem on our NT server and 2000 server.

> Bob



> > Has anybody else had this problem?  The app broker does a Dr. Watson
> > about every hour.  We are only running the 50 user application broker -
> > the exe not the dll for IIS.  We are not running IIS.  We had the same
> > problem about 2 weeks ago and  it just went away.  I noticed the thread
> > on Code Red this morning, but everything there was about using IIS and
> > the app broker dll.  There have been no changes moved into place on our
> > production apps in over 4 weeks.  I don't think they are the problem.  I
> > was wondering if anyone else has had this since Code Red uses port 80
> > and the app broker is on that port.

> > --
> > Kelly Orr
> > GoldTech Computer Services, Inc.
> > http://www.goldtechservices.com
> > 478 Pistol Club Road
> > Easley, South Carolina 29640
> > 864-294-0138 Voice
> > 864-246-1454 Fax

--
Kelly Orr
GoldTech Computer Services, Inc.
http://www.goldtechservices.com
478 Pistol Club Road
Easley, South Carolina 29640
864-294-0138 Voice
864-246-1454 Fax


Tue, 20 Jan 2004 19:33:54 GMT  
 C55aps10.exe Bombing every hour - Code Red?
Hi Folks:

If this is indeed the Code-Red worm you should be able to clear it by
rebooting your server. The Code-Red worm is supposed to be an "in memory"
only worm and should go away after a reboot.

Regards

Quote:

>Rob,

>For right now, we have just been restarting the broker.  I don't think the
>problem is Softvelocity's, however, they may be able to fix it.  I saw where
>the what the Code Red worm uses to get in is a buffer overrun.  That is
>probably what is crashing the broker.  Have you tried using a port other than
>80?  Since that is the default for HTTP servers, will someone be able to
>access it without specifically adding the port to the request?


>> Kelly,

>> We have justed started using the 50 user application exe broker
>> and we have exactly the same problem. I have sent emails to
>> softvelocity and our UK supplier but have not yet had a reply.

>> The 10 user that we had before seemed to work ok.

>> I was just about to post on this site when i saw your message.

>> Please help someone. This is causing us loads of grief. We have
>> loaded the microsoft code red patches. We have the same
>> problem on our NT server and 2000 server.

>> Bob



>> > Has anybody else had this problem?  The app broker does a Dr. Watson
>> > about every hour.  We are only running the 50 user application broker -
>> > the exe not the dll for IIS.  We are not running IIS.  We had the same
>> > problem about 2 weeks ago and  it just went away.  I noticed the thread
>> > on Code Red this morning, but everything there was about using IIS and
>> > the app broker dll.  There have been no changes moved into place on our
>> > production apps in over 4 weeks.  I don't think they are the problem.  I
>> > was wondering if anyone else has had this since Code Red uses port 80
>> > and the app broker is on that port.

>> > --
>> > Kelly Orr
>> > GoldTech Computer Services, Inc.
>> > http://www.goldtechservices.com
>> > 478 Pistol Club Road
>> > Easley, South Carolina 29640
>> > 864-294-0138 Voice
>> > 864-246-1454 Fax

>--
>Kelly Orr
>GoldTech Computer Services, Inc.
>http://www.goldtechservices.com
>478 Pistol Club Road
>Easley, South Carolina 29640
>864-294-0138 Voice
>864-246-1454 Fax



Wed, 21 Jan 2004 20:28:52 GMT  
 C55aps10.exe Bombing every hour - Code Red?
Just for everyones information we have changed the port number
to 81 (from default 80) and this seems to have cured the problem.

Bob


Quote:
> Hi Folks:

> If this is indeed the Code-Red worm you should be able to clear it by
> rebooting your server. The Code-Red worm is supposed to be an "in memory"
> only worm and should go away after a reboot.

> Regards


> >Rob,

> >For right now, we have just been restarting the broker.  I don't think
the
> >problem is Softvelocity's, however, they may be able to fix it.  I saw
where
> >the what the Code Red worm uses to get in is a buffer overrun.  That is
> >probably what is crashing the broker.  Have you tried using a port other
than
> >80?  Since that is the default for HTTP servers, will someone be able to
> >access it without specifically adding the port to the request?


> >> Kelly,

> >> We have justed started using the 50 user application exe broker
> >> and we have exactly the same problem. I have sent emails to
> >> softvelocity and our UK supplier but have not yet had a reply.

> >> The 10 user that we had before seemed to work ok.

> >> I was just about to post on this site when i saw your message.

> >> Please help someone. This is causing us loads of grief. We have
> >> loaded the microsoft code red patches. We have the same
> >> problem on our NT server and 2000 server.

> >> Bob



> >> > Has anybody else had this problem?  The app broker does a Dr. Watson
> >> > about every hour.  We are only running the 50 user application
broker -
> >> > the exe not the dll for IIS.  We are not running IIS.  We had the
same
> >> > problem about 2 weeks ago and  it just went away.  I noticed the
thread
> >> > on Code Red this morning, but everything there was about using IIS
and
> >> > the app broker dll.  There have been no changes moved into place on
our
> >> > production apps in over 4 weeks.  I don't think they are the problem.
I
> >> > was wondering if anyone else has had this since Code Red uses port 80
> >> > and the app broker is on that port.

> >> > --
> >> > Kelly Orr
> >> > GoldTech Computer Services, Inc.
> >> > http://www.goldtechservices.com
> >> > 478 Pistol Club Road
> >> > Easley, South Carolina 29640
> >> > 864-294-0138 Voice
> >> > 864-246-1454 Fax

> >--
> >Kelly Orr
> >GoldTech Computer Services, Inc.
> >http://www.goldtechservices.com
> >478 Pistol Club Road
> >Easley, South Carolina 29640
> >864-294-0138 Voice
> >864-246-1454 Fax



Fri, 23 Jan 2004 15:49:42 GMT  
 C55aps10.exe Bombing every hour - Code Red?
Bob,

This has worked for us, however, you have to add a ":81" to the end of the
address string or it can't get into the broker.  We seem to be getting some kind
of denial of service attack because there is constant activity coming across the
router into our server that was not there before.  It can't go anywhere and I
tested using a tool from Symantec that shows that our server is not vulnerable
to the Code Red worm.  However, the constant hammering against it trying to get
in is really annoying.  I am trying to get our service provider to trace where
it is coming from.

Quote:

> Just for everyones information we have changed the port number
> to 81 (from default 80) and this seems to have cured the problem.

> Bob



> > Hi Folks:

> > If this is indeed the Code-Red worm you should be able to clear it by
> > rebooting your server. The Code-Red worm is supposed to be an "in memory"
> > only worm and should go away after a reboot.

> > Regards


> > >Rob,

> > >For right now, we have just been restarting the broker.  I don't think
> the
> > >problem is Softvelocity's, however, they may be able to fix it.  I saw
> where
> > >the what the Code Red worm uses to get in is a buffer overrun.  That is
> > >probably what is crashing the broker.  Have you tried using a port other
> than
> > >80?  Since that is the default for HTTP servers, will someone be able to
> > >access it without specifically adding the port to the request?


> > >> Kelly,

> > >> We have justed started using the 50 user application exe broker
> > >> and we have exactly the same problem. I have sent emails to
> > >> softvelocity and our UK supplier but have not yet had a reply.

> > >> The 10 user that we had before seemed to work ok.

> > >> I was just about to post on this site when i saw your message.

> > >> Please help someone. This is causing us loads of grief. We have
> > >> loaded the microsoft code red patches. We have the same
> > >> problem on our NT server and 2000 server.

> > >> Bob



> > >> > Has anybody else had this problem?  The app broker does a Dr. Watson
> > >> > about every hour.  We are only running the 50 user application
> broker -
> > >> > the exe not the dll for IIS.  We are not running IIS.  We had the
> same
> > >> > problem about 2 weeks ago and  it just went away.  I noticed the
> thread
> > >> > on Code Red this morning, but everything there was about using IIS
> and
> > >> > the app broker dll.  There have been no changes moved into place on
> our
> > >> > production apps in over 4 weeks.  I don't think they are the problem.
> I
> > >> > was wondering if anyone else has had this since Code Red uses port 80
> > >> > and the app broker is on that port.

> > >> > --
> > >> > Kelly Orr
> > >> > GoldTech Computer Services, Inc.
> > >> > http://www.goldtechservices.com
> > >> > 478 Pistol Club Road
> > >> > Easley, South Carolina 29640
> > >> > 864-294-0138 Voice
> > >> > 864-246-1454 Fax

> > >--
> > >Kelly Orr
> > >GoldTech Computer Services, Inc.
> > >http://www.goldtechservices.com
> > >478 Pistol Club Road
> > >Easley, South Carolina 29640
> > >864-294-0138 Voice
> > >864-246-1454 Fax

--
Kelly Orr
GoldTech Computer Services, Inc.
http://www.goldtechservices.com
478 Pistol Club Road
Easley, South Carolina 29640
864-294-0138 Voice
864-246-1454 Fax


Fri, 23 Jan 2004 23:20:58 GMT  
 C55aps10.exe Bombing every hour - Code Red?
There are actually two versions of the Code Red worm, the second one writes
files to your hard drive (look for root.exe to see if your machine is
infected).
See http://vil.mcafee.com/dispVirus.asp?virus_k=99177&&cid=2399 for full
details of both versions of the Code Red worm.

Sean Cameron


Quote:
> Hi Folks:

> If this is indeed the Code-Red worm you should be able to clear it by
> rebooting your server. The Code-Red worm is supposed to be an "in memory"
> only worm and should go away after a reboot.

> Regards


> >Rob,

> >For right now, we have just been restarting the broker.  I don't think
the
> >problem is Softvelocity's, however, they may be able to fix it.  I saw
where
> >the what the Code Red worm uses to get in is a buffer overrun.  That is
> >probably what is crashing the broker.  Have you tried using a port other
than
> >80?  Since that is the default for HTTP servers, will someone be able to
> >access it without specifically adding the port to the request?


> >> Kelly,

> >> We have justed started using the 50 user application exe broker
> >> and we have exactly the same problem. I have sent emails to
> >> softvelocity and our UK supplier but have not yet had a reply.

> >> The 10 user that we had before seemed to work ok.

> >> I was just about to post on this site when i saw your message.

> >> Please help someone. This is causing us loads of grief. We have
> >> loaded the microsoft code red patches. We have the same
> >> problem on our NT server and 2000 server.

> >> Bob



> >> > Has anybody else had this problem?  The app broker does a Dr. Watson
> >> > about every hour.  We are only running the 50 user application
broker -
> >> > the exe not the dll for IIS.  We are not running IIS.  We had the
same
> >> > problem about 2 weeks ago and  it just went away.  I noticed the
thread
> >> > on Code Red this morning, but everything there was about using IIS
and
> >> > the app broker dll.  There have been no changes moved into place on
our
> >> > production apps in over 4 weeks.  I don't think they are the problem.
I
> >> > was wondering if anyone else has had this since Code Red uses port 80
> >> > and the app broker is on that port.

> >> > --
> >> > Kelly Orr
> >> > GoldTech Computer Services, Inc.
> >> > http://www.goldtechservices.com
> >> > 478 Pistol Club Road
> >> > Easley, South Carolina 29640
> >> > 864-294-0138 Voice
> >> > 864-246-1454 Fax

> >--
> >Kelly Orr
> >GoldTech Computer Services, Inc.
> >http://www.goldtechservices.com
> >478 Pistol Club Road
> >Easley, South Carolina 29640
> >864-294-0138 Voice
> >864-246-1454 Fax



Sat, 24 Jan 2004 15:51:55 GMT  
 
 [ 8 post ] 

 Relevant Pages 

1. Maximum concurrent users C55APS10.EXE

2. File size code still bombing

3. update every second or every resched()?

4. Code Red worm and typed languages

5. C5B: Where to add code in template for every module generated

6. Code Red

7. execute code every set time

8. need code for red-black binary search tree

9. Fun with httpd logs and code red

10. Execute code after every tcl command?

11. Nimda/Code Red Log File Entries

12. about code red worm and its offspring...

 

 
Powered by phpBB® Forum Software