[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Raq4 Intrusion

Subject: RE: [cobalt-users] Raq4 Intrusion
From: "Phil Beynon" <Infolink@xxxxxxxxxxxxxxx>
Date: Thu Feb 14 06:57:03 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> Hi
> Any ideas on nature of this intrusion:-
>  "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 228 "-" "-"
>  "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 226 "-" "-"
>  "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 236 "-" "-"
>  "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 236 "-" "-"
>  "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 302 252 "-" "-"
>  "GET
> /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+
> dir HTTP/1.0" 302 273 "-" "-"
> thanks
> Lewis

Lewis,
It's just a IIs server still afflicted with the Nimda virus that's taking a
poke at you, nothing to be worried about at all on a Linux box.
Just irritating that so many IIs servers are STILL unpatched even after all
this time.

Phil

http://www.diygear.com THE Online DIY Toolstore For DIY & Business
Infolink Electronic Systems Ltd. Suppliers of:- PC based Computer Systems,
Peripheral & Hardware, Plus Web Design & Cobalt Raq4 Hosting Solutions
Contact the Sales desk at  infolink@xxxxxxxxxxxxxxx or Tel 0121 458 4894
(office) 0121 441 3558 (home)

References:
- [cobalt-users] Raq4 Intrusion
  - From: lewis . tim

Prev by Date: [cobalt-users] mail-logging from cobalt-aid
Next by Date: [cobalt-users] Digest authentication
Previous by thread: Re: [cobalt-users] Raq4 Intrusion
Next by thread: [cobalt-users] Re:Cron <root@ns> run-parts /etc/cron.weekly

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index