Date: Mon, 25 Mar 2002 16:28:08 +1030 From: Greg 'groggy' Lehey <grog@FreeBSD.org> To: Jesse Geddis <sgeine@yahoo.com> Cc: FreeBSD-STABLE <freebsd-stable@freebsd.org> Subject: Re: attempted exploits Message-ID: <20020325162808.K24225@wantadilla.lemis.com> In-Reply-To: <NGBBKILMGLGEDIHMGJANCEKICBAA.sgeine@yahoo.com> References: <NGBBKILMGLGEDIHMGJANCEKICBAA.sgeine@yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[Format recovered--see http://www.lemis.com/email/email-format.html] Log output wrapped. On Sunday, 24 March 2002 at 21:52:40 -0800, Jesse Geddis wrote: > wow, this person is quite effective. they've been trying this since > this morning 4mins after i got my web server up. been doing it every > half hour for 7 hours lol. trying to execute arbitrary Windows code on > a FreeBSD server! > > [Sun Mar 24 20:41:55 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..Á../winnt/system32/cmd.exe > [Sun Mar 24 20:42:05 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..À¯../winnt/system32/cmd.exe > [Sun Mar 24 20:42:10 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..Á../winnt/system32/cmd.exe > [Sun Mar 24 20:42:29 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe > [Sun Mar 24 21:13:11 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/root.exe > [Sun Mar 24 21:13:12 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/MSADC/root.exe > [Sun Mar 24 21:13:13 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/c/winnt/system32/cmd.exe > [Sun Mar 24 21:13:14 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/d/winnt/system32/cmd.exe > [Sun Mar 24 21:13:15 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe > [Sun Mar 24 21:13:17 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe > [Sun Mar 24 21:13:19 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe > [Sun Mar 24 21:13:20 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe Nimda. http://www.cert.org/advisories/CA-2001-26.html Greg -- When replying to this message, please take care not to mutilate the original text. For more information, see http://www.lemis.com/email.html See complete headers for address and phone numbers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020325162808.K24225>