Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 14 Nov 2001 12:55:23 -0500
From:      Louis LeBlanc <leblanc+freebsd@keyslapper.org>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Do these errors mean my system is comprimised?
Message-ID:  <20011114175522.GB38737@keyslapper.org>
In-Reply-To: <0111132304280G.60958@chip.wiegand.org>
References:  <200111140636.fAE6aEv01550@lv.raad.tartu.ee> <0111132304280G.60958@chip.wiegand.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

--JYK4vJDZwFMowpUq
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 11/13/01 11:04 PM, Chip sat at the `puter and typed:
> On Tuesday 13 November 2001 22:35, Toomas Aas wrote:
> > Hi Chip!
> >
> > On 13 Nov 01 at 19:38 you wrote:
> > > I found the following on my apache/freebsd/php/mysql server in my log
> > > after running analog -
> > > Looks like someone planted something that wants NT to work correctly -
> > >
> > >  111: /scripts/..%255c../winnt/system32/cmd.exe
> > >  111:   /scripts/..%255c../winnt/system32/cmd.exe?/c+dir
> > >  106: /scripts/..%5c../winnt/system32/cmd.exe
> >
> > [...snip...]
> >
> > Someone attempted to exploit the Nimda worm against your server.
> > Since you are not running Microsoft IIS (I hope!),=20
>=20
> Heck no! Not on my life! Heh, heh. I have apache on FreeBSD (see above).
> I have to put up with IIS at work, and what an unreliable piece it is! I =
also=20

Hence the 'aftermarket acronyms' IIS -> It Isn't Secure.
                                 IIS -> It Isn't Stable.
=2E . .
:D

> have an apache server at work, and it just keeps going, and going, and go=
ing.=20
> Heh heh. :-)

Yup.  I have to restart mine because I get renumbered from time to
time, but that's it.

L
--=20
Louis LeBlanc               leblanc@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org                     =D4=BF=D4=AC

Live long and prosper.
    -- Spock, "Amok Time", stardate 3372.7

--JYK4vJDZwFMowpUq
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE78rAKeAPWYrNkRWIRAg9lAJwKk4vM27YCLfD7j9zBtoyjlkRlwwCfZhA/
OD4VpLne//VeUwZfh1Yh464=
=P+WG
-----END PGP SIGNATURE-----

--JYK4vJDZwFMowpUq--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011114175522.GB38737>