Re: [cobalt-users] hacked? NetTracker Kill 'em hackers

["Frank Cubillos" <cubillos@xxxxxxxxxxxxxxxxxx>]

Graeme whew thanks man, just got off the phone with a few pissed off ISP's.
Spent the last two hours rummaging through the error log file and found 5
more idiots hammering me. Kill 'em all I say!! Bastards....I am a reformed
spammer (many years ago) so I have a passion for hackers and spammers.
Thanks for the eyes and explanation got a little ballistic LOL

Frank

> Frank (info@edirectamerica) wrote:
>
> > Does this mean we got hacked? tia...frank
> >
> > Visit Began: Thursday, July 13, 2000 at 11:10 p.m.
> <snip>
> >       7. 11:10 p.m. /./cfdocs/./ http://www.texasstudentbodies.com/
> <snip>
> >       9. 11:10 p.m. /./server-status
> http://www.texasstudentbodies.com/
> >       10. 11:10 p.m. /./cgi-bin/./ http://www.texasstudentbodies.com/
> <snip>
> ...and so on.
> No, it doesn't - what it shows though is that someone tried almost all
> the old, dated but still very common stooopid vulnerabilities that some
> web servers still have out there. If they found any, then... panic not.
> Here's a quick description of some of them:
> cfdocs - ColdFusion documentation, might mean there's something worth
> looking further at.
> server-status - an old cgi script that came with several servers and
> gave away all sorts of nice info about your machine.
> /./cgi-bin/./ - may give out a directory listing of your cgi-bin
> directory. (All the other /./blah/./ are attempts at directory lists
> too).
> Unless you have an old, outdated server (you *are* up-to-date, aren't
> you ;-) then you should be OK. Well spotted though!
> Best way to see if any of them actually work : try them from a local
> machine and hope you get a bunch of 4xx errors...
> Best Wishes,
> Graeme Fowler
> Systems Administrator
> graeme.f@xxxxxxxxxxxxxxx

>