Date: Wed, 14 Nov 2001 08:35:20 +0200 From: "Toomas Aas" <toomas.aas@raad.tartu.ee> To: freebsd-questions@FreeBSD.ORG, Chip <chip@wiegand.org> Subject: Re: Do these errors mean my system is comprimised? Message-ID: <200111140636.fAE6aEv01550@lv.raad.tartu.ee> In-Reply-To: <0111131938440F.60958@chip.wiegand.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Chip! On 13 Nov 01 at 19:38 you wrote: > I found the following on my apache/freebsd/php/mysql server in my log after > running analog - > Looks like someone planted something that wants NT to work correctly - > > 111: /scripts/..%255c../winnt/system32/cmd.exe > 111: /scripts/..%255c../winnt/system32/cmd.exe?/c+dir > 106: /scripts/..%5c../winnt/system32/cmd.exe [...snip...] Someone attempted to exploit the Nimda worm against your server. Since you are not running Microsoft IIS (I hope!), your system has nothing to fear from it (except flooding the logfiles with junk). -- Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/ * To define recursion, we must first define recursion. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200111140636.fAE6aEv01550>