Date: Wed, 26 Sep 2001 10:42:30 -0400 From: "Lapinski, Michael (CRD)" <lapinski@crd.ge.com> To: "'Dave'" <dave@nexusinternetsolutions.net>, freebsd-isp@FreeBSD.ORG Subject: RE: hack or virus? Message-ID: <E4AAC34FE3CF564D8AE89EB8AC333FD702E72C44@XMB03CRDGE>
next in thread | raw e-mail | index | archive | help
Its nimda, code red, etc worms propagating themselves. -------------------------------------------------- Michael Lapinski Computer Scientist GE Corporate Research & Development "I think there is a world market for maybe five computers." - IBM Chairman Thomas Watson, 1943 -----Original Message----- From: Dave [mailto:dave@nexusinternetsolutions.net] Sent: Wednesday, September 26, 2001 10:40 AM To: freebsd-isp@FreeBSD.ORG Subject: hack or virus? Have a bunch of apache error log entries appearing recently... did a traceroute/dig etc... on the IP address... nothing, suspect this is an infected windows box trying to propogate its virus payload. Or is some kid trying to hack us? [Wed Sep 26 10:22:02 2001] [error] [client 204.50.92.13] File does not exist: /usr/local/www/data/nx1/scripts/..Aoe../winnt/system32/cmd.exe [Wed Sep 26 10:22:03 2001] [error] [client 204.50.92.13] File does not exist: /usr/local/www/data/nx1/scripts/..%5c../winnt/system32/cmd.exe [Wed Sep 26 10:22:03 2001] [error] [client 204.50.92.13] File does not exist: /usr/local/www/data/nx1/scripts/..%2f../winnt/system32/cmd.exe Obviously this particular incident isn't bothering us greatly since we don't have any NT servers in our network, however it is disturbing. Comments or insights appreciated. Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E4AAC34FE3CF564D8AE89EB8AC333FD702E72C44>