From owner-freebsd-security Mon Feb 1 21:58:16 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA15790 for freebsd-security-outgoing; Mon, 1 Feb 1999 21:58:16 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from mta1-rme.xtra.co.nz (mta.xtra.co.nz [203.96.92.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA15785 for ; Mon, 1 Feb 1999 21:58:10 -0800 (PST) (envelope-from junkmale@pop3.xtra.co.nz) Received: from wocker ([210.55.210.87]) by mta1-rme.xtra.co.nz (InterMail v04.00.02.07 201-227-108) with SMTP id <19990202055804.YRQY682101.mta1-rme@wocker> for ; Tue, 2 Feb 1999 18:58:04 +1300 From: "Dan Langille" Organization: The FreeBSD Diary To: freebsd-security@FreeBSD.ORG Date: Tue, 2 Feb 1999 18:58:07 +1300 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: what were these probes? Reply-to: junkmale@xtra.co.nz X-mailer: Pegasus Mail for Win32 (v3.01d) Message-Id: <19990202055804.YRQY682101.mta1-rme@wocker> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi folks, Tonight I found these entries in my log files. What were they looking for? Was this a spammer looking for exploits? http: ns.cvvm.com - - [02/Feb/1999:17:34:28 +1300] "GET /cgi-bin/phf HTTP/1.0" 404 164 ns.cvvm.com - - [02/Feb/1999:17:34:29 +1300] "GET /cgi-bin/Count.cgi HTTP/1.0" 404 170 ns.cvvm.com - - [02/Feb/1999:17:34:30 +1300] "GET /cgi-bin/test-cgi HTTP/1.0" 404 169 ns.cvvm.com - - [02/Feb/1999:17:34:31 +1300] "GET /cgi-bin/php.cgi HTTP/1.0" 404 168 ns.cvvm.com - - [02/Feb/1999:17:34:32 +1300] "GET /cgi-bin/handler HTTP/1.0" 404 168 ns.cvvm.com - - [02/Feb/1999:17:34:33 +1300] "GET /cgi-bin/webgais HTTP/1.0" 404 168 ns.cvvm.com - - [02/Feb/1999:17:34:34 +1300] "GET /cgi-bin/websendmail HTTP/1.0" 404 172 ns.cvvm.com - - [02/Feb/1999:17:34:34 +1300] "GET /cgi-bin/webdist.cgi HTTP/1.0" 404 172 ns.cvvm.com - - [02/Feb/1999:17:34:38 +1300] "GET /cgi-bin/faxsurvey HTTP/1.0" 404 170 ns.cvvm.com - - [02/Feb/1999:17:34:39 +1300] "GET /cgi-bin/htmlscript HTTP/1.0" 404 171 ns.cvvm.com - - [02/Feb/1999:17:34:40 +1300] "GET /cgi-bin/pfdisplay.cgi HTTP/1.0" 404 174 ns.cvvm.com - - [02/Feb/1999:17:34:41 +1300] "GET /cgi-bin/perl.exe HTTP/1.0" 404 169 ns.cvvm.com - - [02/Feb/1999:17:34:43 +1300] "GET /cgi-bin/wwwboard.pl HTTP/1.0" 404 172 ns.cvvm.com - - [02/Feb/1999:17:34:47 +1300] "GET /cgi- bin/ews/ews/architext_query.pl HTTP/1.0" 404 187 ns.cvvm.com - - [02/Feb/1999:17:34:48 +1300] "GET /cgi-bin/jj HTTP/1.0" 404 163 telnet: Feb 2 17:34:20 ns telnetd[29665]: refused connect from ns.cvvm.com Feb 2 17:34:20 ns telnetd[29667]: refused connect from ns.cvvm.com sendmail: Feb 2 17:34:25 ns sendmail[29666]: NOQUEUE: Null connection from root@ns.cvvm.com [139.142.106.131] Feb 2 17:34:51 ns sendmail[29668]: NOQUEUE: Null connection from root@ns.cvvm.com [139.142.106.131] -- Dan Langille The FreeBSD Diary http://www.FreeBSDDiary.com/freebsd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message