Date: Wed, 26 Sep 2001 10:42:30 -0400 From: "Lapinski, Michael (CRD)" <lapinski@crd.ge.com> To: "'Dave'" <dave@nexusinternetsolutions.net>, freebsd-isp@FreeBSD.ORG Subject: RE: hack or virus? Message-ID: <E4AAC34FE3CF564D8AE89EB8AC333FD702E72C44@XMB03CRDGE>
next in thread | raw e-mail | index | archive | help
Its nimda, code red, etc worms propagating themselves.
--------------------------------------------------
Michael Lapinski
Computer Scientist
GE Corporate Research & Development
"I think there is a world market for maybe five computers."
- IBM Chairman Thomas Watson, 1943
-----Original Message-----
From: Dave [mailto:dave@nexusinternetsolutions.net]
Sent: Wednesday, September 26, 2001 10:40 AM
To: freebsd-isp@FreeBSD.ORG
Subject: hack or virus?
Have a bunch of apache error log entries appearing recently... did a
traceroute/dig etc... on the IP address... nothing, suspect this is an
infected windows box trying to propogate its virus payload. Or is some kid
trying to hack us?
[Wed Sep 26 10:22:02 2001] [error] [client 204.50.92.13] File does not exist:
/usr/local/www/data/nx1/scripts/..Aoe../winnt/system32/cmd.exe
[Wed Sep 26 10:22:03 2001] [error] [client 204.50.92.13] File does not exist:
/usr/local/www/data/nx1/scripts/..%5c../winnt/system32/cmd.exe
[Wed Sep 26 10:22:03 2001] [error] [client 204.50.92.13] File does not exist:
/usr/local/www/data/nx1/scripts/..%2f../winnt/system32/cmd.exe
Obviously this particular incident isn't bothering us greatly since we don't
have any NT servers in our network, however it is disturbing. Comments or
insights appreciated.
Dave
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E4AAC34FE3CF564D8AE89EB8AC333FD702E72C44>