
Re: [cobalt-users] Extensive Hack Attack - Was C drive hack



Hi 
Although I don't like supporting Microsoft solutions, the security breach
was discovered mid 2000 and Microsoft edited a patch for Windows NT 4
machines. So you can easily download it from the Microsoft website.

Windows 2000 as of service 2 cannot be harmed by this virus.

Now wasn't that amazing Cobalt support !!!! :-))


On 18.9.2001 21:23, Imme Networks Administration at admin@xxxxxxxxxxx
wrote:

> This is Nimda, we are affected by it and there seems to be no patch unless
> you want to pay for it as of right now.  It is only affecting NT machines.
> 
> Frank
> ----- Original Message -----
> From: "Nell Bolen" <nell@xxxxxxxxxxxxxx>
> To: <cobalt-users@xxxxxxxxxxxxxxx>
> Sent: Tuesday, September 18, 2001 11:53 AM
> Subject: Re: [cobalt-users] Extensive Hack Attack - Was C drive hack
> 
> 
>> 
>> 
>> David Thurman wrote:
>> 
>>> on 9-18-01 8:49 AM, Paul Alcock at webmgr@xxxxxxxxxxxxxxxxxx was reported to
>>> have made a statement that said this:
>>> 
>>>>> I am getting a lot of these logged on every IP routed to my
>>>>> machine that has
>>>>> a site.
>>>>> 
>>>>> www.site.com 216.234.235.118 - - [18/Sep/2001:06:49:52 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
>>>>> 
>>>>> www.site.com 216.234.199.92 - - [18/Sep/2001:06:51:19 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 231 "-" "-"
>>>>> 
>>>>> www.adifferentsite.com 66.12.10.51 - - [18/Sep/2001:06:51:16 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 254 "-" "-"
>>>> Ditto, the frequency is much worse than code red or code red II
>>>> I'm guessing that I'm logging more than 100 per minute.
>>>> Major pain. Any way to detect the origin or at least a waypoint?
>>>> 
>>>> 
>>>> --sig
>>>> Paul Alcock
>> 
>> Ditto, we are too. What do the lines mean exactly? Since 9 a.m. and still going
>> on I guess, my log shows tons of calls like this from the same IP, and also very
>> many different IPs doing the multi calls. Please enlighten, and thank you.
>> 
>> Regards, Nell Bolen
>> 
>> 
>> _______________________________________________
>> cobalt-users mailing list
>> cobalt-users@xxxxxxxxxxxxxxx
>> To Subscribe or Unsubscribe, please go to:
>> http://list.cobalt.com/mailman/listinfo/cobalt-users
>> 

=======================================================================

Marco Baurdoux
Unix Administrator
Infomaniak Network SA
Avenue de la Praille 26
1227 Carouge
Switzerland
Tel: +41 (0)22 820 35 41
Fax: +41 (0)22 820 35 46
http://web.infomaniak.ch

Linux/Unix is very user friendly,
it's just very picky about who its friends are !!!

=======================================================================
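
Added example, not part of the original thread: a log triage script that labels the three request shapes quoted above and counts them per source IP. `%%35c` becomes a backslash after two decoding passes and `%c1%9c` is an overlong UTF-8 form of a backslash; the label names, helper names and the benign fourth log line are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the three requests quoted in the thread, rejoined onto
# single lines, plus one benign request from a documentation address.
SAMPLE_LOG = r'''www.site.com 216.234.235.118 - - [18/Sep/2001:06:49:52 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
www.site.com 216.234.199.92 - - [18/Sep/2001:06:51:19 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 231 "-" "-"
www.adifferentsite.com 66.12.10.51 - - [18/Sep/2001:06:51:16 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 254 "-" "-"
www.site.com 192.0.2.10 - - [18/Sep/2001:06:52:00 -0700] "GET /index.html HTTP/1.0" 200 1043 "-" "-"
'''

# vhost, client IP, ident, user, [timestamp], "METHOD target ..."
LINE = re.compile(r'^\S+ (?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)')
PCT = re.compile(rb"%([0-9A-Fa-f]{2})")
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]")  # 2-byte form of an ASCII char
TRAVERSAL = re.compile(rb"\.\.[/\\]")

def pct_decode(data: bytes) -> bytes:
    """One pass of percent-decoding; invalid escapes are left untouched."""
    return PCT.sub(lambda m: bytes([int(m.group(1), 16)]), data)

def classify(target: str):
    """Return a label for a suspicious request target, or None."""
    path = target.split("?", 1)[0].encode("latin-1", "replace")
    once = pct_decode(path)
    if OVERLONG.search(once):
        return "overlong-utf8"
    # An escape that survives one decode pass means the path was encoded twice.
    if PCT.search(once) and TRAVERSAL.search(pct_decode(once)):
        return "double-encoded-traversal"
    if once.lower().endswith(b"/root.exe"):
        return "root.exe-probe"
    return None

def summarize(log_text: str):
    """Count labelled probes per source IP."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE.match(line)
        label = classify(m.group("target")) if m else None
        if label:
            hits[m.group("ip")][label] += 1
    return {ip: dict(counts) for ip, counts in hits.items()}

if __name__ == "__main__":
    for ip, labels in summarize(SAMPLE_LOG).items():
        print(ip, labels)
```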