It never rains, but it pours. I manage to solve one problem, now I have another one.

I run an HTTP server off of my Windows 2000 Server box. It just contains my webpage etc. My problem now is, when my HTTP server is running, it dumps large amounts of temp files into the root directory, as you can see in the attached pic. Can anybody tell me why its doing this, and how to stop it? Its very annoying.

This just in: Windows just gave me a "application log is full" error. I checked it out, and its all about the web server (although I don't know to what they are refering to). I deleted it. So, I've come to believe that every time it writes one of these temp files, it writes a warning to the system log. Interesting.

- run Linux.

I have praticed with APache and it is p*** easy to set up and use.

Simply install it, put your pages in the right place and viola!

I am still on dial-up so I'm a little bit away from web hosting yet, but I know that Apache works.

I'll stick w/ Windows, thanks. I know how to work Windows. I don't know how to work Linux, and I'm too lazy to learn.

Originally posted by penguinfreak
- run Linux.

I have praticed with APache and it is p*** easy to set up and use.

Simply install it, put your pages in the right place and viola!

I am still on dial-up so I'm a little bit away from web hosting yet, but I know that Apache works.

That doesn't solve his problem. The AMD users were just yelled at for telling Intel users to run AMD to solve their problems. Please, if you can't fix his problem, say so, not tell the person to run something else.

Now, those are FTP logs. Unless you are running an FTP server, with a lot of access, looks like you were hit with either CodeRed and/or Nimda. It looks like they have come in and tried to use the logs to overflow your memory to gain access.

Look in your IIS logs and see if you have any entries with a long string of AAA's XXX's or NNN's. If you do, then do a word search on Worm. If you find worm in your logs, your best bet is a format. Sorry, but it is the easiest and the recommended way to get rid of a CodeRed infection. As for Nimda, look for IP's that are trying to access your cmd.exe and run \scripts in your logs. If you are seeing this, update your virus scan, and do a complete system scan. Also apply the latest service pack and any patches pertaining to Nimda. If you run Exchange get the latest updates and hot fixes for it also. I would also unhook this thing from the internet and your home network if you have one. Also check all other machines on the network, Nimda can spread through shared folders and drives.

Once you do that, go to the properties of your logs and ensure that "Overwrite as necessary" is checked, this will stop it from filling up.

Thanks for the help Kingslayer, and the defence. I just happen to like Windows 2000 :)

I was running an FTP and HTTP, but I've shut them down for the timebeing (Don't need to infect anybody else just incase I *am* infected). Now, about the IIS logs and the strings of XXX's. Do you mean like this (see attached image 2). I can't find Worm in any of my logs. I hope thats a good sign. There are also a lot of logs trying to access scripts (see attached image 3) Through Admin.dll.

And as you can see through the image attached w/ this post, there is something interesing here. The underlined piece says Code+Red+Strikeback. I did install a hotfix the other day, so it might pertain to that, but I'm not sure. Thank you for the help.

Image 2

Image 3

Bump