Complete.Org: Mailing Lists: Archives: discussion: September 2001:
[aclug-L] Re: Hacker or ??

[aclug-L] Re: Hacker or ??

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]

To:	discussion@xxxxxxxxx
Subject:	[aclug-L] Re: Hacker or ??
From:	Maverick <mluvw47@xxxxxxxxx>
Date:	Wed, 19 Sep 2001 17:27:40 -0700 (PDT)
Reply-to:	discussion@xxxxxxxxx

Beside the stuff I found out, I look at my log, there 
is  many entries like:
203.79.191.129 - - [09/Aug/2001:16:34:41 +1200] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%
u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b0
203.79.191.129 - - [09/Aug/2001:16:34:41 +1200] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%
u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b0
....

It clogged my network so badly...anyone has any
solution so far?
Thanks

Mav








--- Dale W Hodge <dwh@xxxxxxxxxxxxxxxx> wrote:
> 
> > -----Original Message-----
> > From: discussion-bounce@xxxxxxxxx
> [mailto:discussion-bounce@xxxxxxxxx]On
> > Behalf Of Maverick
> >
> >
> > uh...seems the  answer is still unknown.. I think
> > shutdown my webserver is the only solution at this
> > point.
> >
> > Mav
> > > > Is that someone try to access my
> > > /var/www/scripts/?
> > > > and my error.log generate something like
> this..
> > > > Tue Sep 18 10:52:27 2001] [error] [client
> > > > 24.234.20.197] File does not exist: /
> > > > var/www/c/winnt/system32/cmd.exe
> > > > [Tue Sep 18 10:52:28 2001] [error] [client
> > > > 24.234.20.197] File does not exist: /
> > > > var/www/d/winnt/system32/cmd.exe
> > > > ....
> > > >
> > > > anyone have any idea? or did I set something
> > > wrong?
> > > > or really have a hacker knocking on my door?
> 
> It's just the latest code red variant trying to find
> MS IIS servers.  It doesn't
> have any effect on Linux/Apache servers other than
> the extra traffic.  My normal
> traffic shows around 400 hits a day, yesterday I
> logged 5300 hits and I'm at
> 2200 hits as of 1PM today. It's mostly a nuisance as
> far as I'm concerned.
> 
> --dwh
> 
> ---
> Dale W Hodge - dwh@xxxxxxxxxxxxxxxx
> Secretary & Website Maintainer - info@xxxxxxxxx
> Air Capital Linux User's Group  (ACLUG)
> ---
> 
> -- This is the discussion@xxxxxxxxx list.  To
> unsubscribe,
> visit
>
http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
> 


__________________________________________________
Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
http://dailynews.yahoo.com/fc/US/Emergency_Information/
-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi

[Prev in Thread]

Current Thread

[Next in Thread]

[aclug-L] Re: Hacker or ??, (continued)
- [aclug-L] Re: Hacker or ??, Ryan Hunt, 2001/09/18
  - [aclug-L] Re: Hacker or ??, Maverick, 2001/09/18

Prev by Date: [aclug-L] Re: Hacker or ??
Next by Date: [aclug-L] Re: Hacker or ??
Previous by thread: [aclug-L] Re: Hacker or ??
Next by thread: [aclug-L] Re: Hacker or ??
Index(es):
- Date
- Thread