From owner-freebsd-security Tue Feb 2 01:39:34 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA15777 for freebsd-security-outgoing; Tue, 2 Feb 1999 01:39:34 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from mta1-rme.xtra.co.nz (mta.xtra.co.nz [203.96.92.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA15768 for ; Tue, 2 Feb 1999 01:39:29 -0800 (PST) (envelope-from junkmale@pop3.xtra.co.nz) Received: from wocker ([210.55.210.87]) by mta1-rme.xtra.co.nz (InterMail v04.00.02.07 201-227-108) with SMTP id <19990202093923.ZZMV682101.mta1-rme@wocker> for ; Tue, 2 Feb 1999 22:39:23 +1300 From: "Dan Langille" Organization: The FreeBSD Diary To: freebsd-security@FreeBSD.ORG Date: Tue, 2 Feb 1999 22:39:26 +1300 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: what were these probes? Reply-to: junkmale@xtra.co.nz In-reply-to: <19990202055804.YRQY682101.mta1-rme@wocker> X-mailer: Pegasus Mail for Win32 (v3.01d) Message-Id: <19990202093923.ZZMV682101.mta1-rme@wocker> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org 'm planning to include the logs on one of my webpages. Seeing as I've just posted this publicly anyway, I can't really see any issues surrounding that. Can you? On 2 Feb 99, at 18:58, Dan Langille wrote: > Hi folks, > > Tonight I found these entries in my log files. What were they looking > for? Was this a spammer looking for exploits? > > http: > > ns.cvvm.com - - [02/Feb/1999:17:34:28 +1300] "GET /cgi-bin/phf HTTP/1.0" > 404 164 > ns.cvvm.com - - [02/Feb/1999:17:34:29 +1300] "GET /cgi-bin/Count.cgi > HTTP/1.0" 404 170 > ns.cvvm.com - - [02/Feb/1999:17:34:30 +1300] "GET /cgi-bin/test-cgi > HTTP/1.0" 404 169 > ns.cvvm.com - - [02/Feb/1999:17:34:31 +1300] "GET /cgi-bin/php.cgi > HTTP/1.0" 404 168 > ns.cvvm.com - - [02/Feb/1999:17:34:32 +1300] "GET /cgi-bin/handler > HTTP/1.0" 404 168 > ns.cvvm.com - - [02/Feb/1999:17:34:33 +1300] "GET /cgi-bin/webgais > HTTP/1.0" 404 168 > ns.cvvm.com - - [02/Feb/1999:17:34:34 +1300] "GET /cgi-bin/websendmail > HTTP/1.0" 404 172 > ns.cvvm.com - - [02/Feb/1999:17:34:34 +1300] "GET /cgi-bin/webdist.cgi > HTTP/1.0" 404 172 > ns.cvvm.com - - [02/Feb/1999:17:34:38 +1300] "GET /cgi-bin/faxsurvey > HTTP/1.0" 404 170 > ns.cvvm.com - - [02/Feb/1999:17:34:39 +1300] "GET /cgi-bin/htmlscript > HTTP/1.0" 404 171 > ns.cvvm.com - - [02/Feb/1999:17:34:40 +1300] "GET /cgi-bin/pfdisplay.cgi > HTTP/1.0" 404 174 > ns.cvvm.com - - [02/Feb/1999:17:34:41 +1300] "GET /cgi-bin/perl.exe > HTTP/1.0" 404 169 > ns.cvvm.com - - [02/Feb/1999:17:34:43 +1300] "GET /cgi-bin/wwwboard.pl > HTTP/1.0" 404 172 > ns.cvvm.com - - [02/Feb/1999:17:34:47 +1300] "GET /cgi- > bin/ews/ews/architext_query.pl HTTP/1.0" 404 187 > ns.cvvm.com - - [02/Feb/1999:17:34:48 +1300] "GET /cgi-bin/jj HTTP/1.0" > 404 163 > > > telnet: > > Feb 2 17:34:20 ns telnetd[29665]: refused connect from ns.cvvm.com > Feb 2 17:34:20 ns telnetd[29667]: refused connect from ns.cvvm.com > > sendmail: > > Feb 2 17:34:25 ns sendmail[29666]: NOQUEUE: Null connection from > root@ns.cvvm.com [139.142.106.131] > Feb 2 17:34:51 ns sendmail[29668]: NOQUEUE: Null connection from > root@ns.cvvm.com [139.142.106.131] > > -- > Dan Langille > The FreeBSD Diary > http://www.FreeBSDDiary.com/freebsd > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Dan Langille The FreeBSD Diary http://www.FreeBSDDiary.com/freebsd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message