Re: [cobalt-users] hacked? NetTracker

["WebFusion System Administrator" <graeme.f@xxxxxxxxxxxxxxx>]

Frank (info@edirectamerica) wrote:

> Does this mean we got hacked? tia...frank
>
> Visit Began: Thursday, July 13, 2000 at 11:10 p.m.
<snip>
>       7. 11:10 p.m. /./cfdocs/./ http://www.texasstudentbodies.com/
<snip>
>       9. 11:10 p.m. /./server-status
http://www.texasstudentbodies.com/
>       10. 11:10 p.m. /./cgi-bin/./ http://www.texasstudentbodies.com/
<snip>
...and so on.

No, it doesn't - what it shows though is that someone tried almost all
the old, dated but still very common stooopid vulnerabilities that some
web servers still have out there. If they found any, then... panic not.
Here's a quick description of some of them:

cfdocs - ColdFusion documentation, might mean there's something worth
looking further at.
server-status - an old cgi script that came with several servers and
gave away all sorts of nice info about your machine.
/./cgi-bin/./ - may give out a directory listing of your cgi-bin
directory. (All the other /./blah/./ are attempts at directory lists
too).

Unless you have an old, outdated server (you *are* up-to-date, aren't
you ;-) then you should be OK. Well spotted though!

Best way to see if any of them actually work : try them from a local
machine and hope you get a bunch of 4xx errors...

Best Wishes,

Graeme Fowler
Systems Administrator
graeme.f@xxxxxxxxxxxxxxx

***************************************************************
WebFusion Internet Solutions Ltd.
The UK's Largest Web Hosting Company
http://www.webfusion.co.uk
***************************************************************