From owner-freebsd-isp Wed Sep 26 7:42:48 2001
From: "Lapinski, Michael (CRD)"
To: "'Dave'", freebsd-isp@FreeBSD.ORG
Subject: RE: hack or virus?
Date: Wed, 26 Sep 2001 10:42:30 -0400

It's Nimda, Code Red, etc. worms propagating themselves.

--------------------------------------------------
Michael Lapinski
Computer Scientist
GE Corporate Research & Development

"I think there is a world market for maybe five computers."
 - IBM Chairman Thomas Watson, 1943

-----Original Message-----
From: Dave [mailto:dave@nexusinternetsolutions.net]
Sent: Wednesday, September 26, 2001 10:40 AM
To: freebsd-isp@FreeBSD.ORG
Subject: hack or virus?

Have a bunch of Apache error log entries appearing recently... did a traceroute/dig etc... on the IP address... nothing, suspect this is an infected Windows box trying to propagate its virus payload. Or is some kid trying to hack us?

[Wed Sep 26 10:22:02 2001] [error] [client 204.50.92.13] File does not exist: /usr/local/www/data/nx1/scripts/..Aoe../winnt/system32/cmd.exe
[Wed Sep 26 10:22:03 2001] [error] [client 204.50.92.13] File does not exist: /usr/local/www/data/nx1/scripts/..%5c../winnt/system32/cmd.exe
[Wed Sep 26 10:22:03 2001] [error] [client 204.50.92.13] File does not exist: /usr/local/www/data/nx1/scripts/..%2f../winnt/system32/cmd.exe

Obviously this particular incident isn't bothering us greatly since we don't have any NT servers in our network, however it is disturbing. Comments or insights appreciated.

Dave

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
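
An added example, not part of the original thread: a small triage script that flags Apache error_log entries like the ones quoted above (a traversal-style path segment plus the Windows-only cmd.exe target) and counts them per client. The function names, the regular expressions and the fourth sample line (client 192.0.2.10) are assumptions made for this illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache error_log "File does not exist" entry, in the format quoted in the post.
LINE_RE = re.compile(r'^\[[^\]]+\] \[error\] \[client (?P<ip>[^\]]+)\] '
                     r'File does not exist: (?P<path>.+)$')
# Windows-only target taken from the post's log lines.
WIN_TARGET = re.compile(r'[/\\]winnt[/\\]system32[/\\]cmd\.exe$', re.I)
# One path segment that starts and ends with "..", e.g. "..%5c.." as logged.
TRAVERSAL_SEG = re.compile(r'(^|/)\.\.[^/]*\.\.(/|$)')

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded separators surface."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def classify(line):
    """Return (client_ip, reasons) for a probe-like entry, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    raw = m.group("path")
    decoded = decode_fully(raw).replace("\\", "/")
    reasons = []
    if WIN_TARGET.search(decoded):
        reasons.append("windows-target")
    if TRAVERSAL_SEG.search(raw) or "/../" in decoded:
        reasons.append("traversal")
    return (m.group("ip"), reasons) if reasons else None

def summarize(lines):
    """Count probe-like entries per client address."""
    return dict(Counter(hit[0] for hit in map(classify, lines) if hit))

# First three lines are from the post; the last is a constructed benign entry.
SAMPLE = [
    "[Wed Sep 26 10:22:02 2001] [error] [client 204.50.92.13] File does not exist: /usr/local/www/data/nx1/scripts/..Aoe../winnt/system32/cmd.exe",
    "[Wed Sep 26 10:22:03 2001] [error] [client 204.50.92.13] File does not exist: /usr/local/www/data/nx1/scripts/..%5c../winnt/system32/cmd.exe",
    "[Wed Sep 26 10:22:03 2001] [error] [client 204.50.92.13] File does not exist: /usr/local/www/data/nx1/scripts/..%2f../winnt/system32/cmd.exe",
    "[Wed Sep 26 10:25:41 2001] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/nx1/favicon.ico",
]

if __name__ == "__main__":
    for ip, count in summarize(SAMPLE).items():
        print(f"{ip}: {count} IIS-style probe(s) against a non-Windows host")
```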