[thelist] domain under attack??

Maryanna Nesina mar at MN1052.srv.pu.ru
Tue Dec 18 08:18:09 CST 2001


Hi, Apache would stay this attack :)) Only IIS-like web servers on Win/NT
would crash. It's the Nimda virus, sent by those whose PCs are infected. If you
like, you can analyze your log and send letters to their admins (a Perl script
would help). If not, you can do nothing.
Regards,
Maryanna Nesina
mar at mail.bio.pu.ru


> hiya!
>
> one of the little domains for which i'm the webmaster appears to be under
> attack. i'm not sure what to do.
>
> the host is all apache. when i look at the list of documents not found in my
> server log reports, i see a huge list of files the hackers are after, which
> luckily don't exist, because it's not a windows server and i don't use front
> page:
>
>  /scripts/..%5c../winnt/system32/cmd.exe [Referrers]  993
>  /scripts/root.exe [Referrers]  981
>  /MSADC/root.exe [Referrers]  972
>  /c/winnt/system32/cmd.exe [Referrers]  966
>  /d/winnt/system32/cmd.exe [Referrers]  959
>  /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe [Referrers]  954
>  /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe [Referrers]  952
>  /msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/system32/cmd.exe [Referrers]  951
>  /scripts/..Á ../winnt/system32/cmd.exe [Referrers]  948
>
> the numbers after the names are the times they have tried to access the
> files. from looking at my logs, it seems right now that about 50% of the
> site's accesses are these kind of probes.
>
> what should i do, if anything, besides contact my hosting service?
>
> any hints, tips, and advice, deeply appreciated!
>
> tia,
>
> f
>
> ----------------------------------------------------------------------------
> The views and opinions expressed in this email message are the sender's
> own, and do not necessarily represent the views and opinions of Summit
> Systems Inc.
>
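
The log analysis suggested in the reply above, as an added example that is not part of the original thread (written in Python rather than the Perl script mentioned). It assumes Apache Common/Combined Log Format, matches the probe paths listed in the quoted report, and counts them per client address so the infected hosts can be reported to their admins; the sample log lines and addresses are constructed.

```python
import re
from collections import Counter

# Common/Combined Log Format: host ident user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+)[^"]*" (\d{3})')

# Request targets from the report quoted above: cmd.exe or root.exe under
# IIS-only directories or a drive letter, reached directly or via "..%5c" traversal.
PROBE_RE = re.compile(
    r'^/(?:scripts|msadc|_vti_bin|_mem_bin|[a-z])/.*(?:cmd|root)\.exe', re.IGNORECASE)

# Constructed sample input (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
192.0.2.10 - - [18/Dec/2001:08:01:02 -0600] "GET /scripts/root.exe HTTP/1.0" 404 276
192.0.2.10 - - [18/Dec/2001:08:01:03 -0600] "GET /MSADC/root.exe HTTP/1.0" 404 274
192.0.2.10 - - [18/Dec/2001:08:01:03 -0600] "GET /c/winnt/system32/cmd.exe HTTP/1.0" 404 284
198.51.100.7 - - [18/Dec/2001:08:02:10 -0600] "GET /scripts/..%5c../winnt/system32/cmd.exe HTTP/1.0" 404 298
203.0.113.5 - - [18/Dec/2001:08:03:00 -0600] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [18/Dec/2001:08:03:01 -0600] "GET /images/logo.gif HTTP/1.1" 200 2048
""".splitlines()

def summarize(lines):
    """Return (total_requests, probe_requests, Counter of probes per client)."""
    total = probes = 0
    per_client = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        host, path, _status = m.groups()
        total += 1
        if PROBE_RE.match(path):
            probes += 1
            per_client[host] += 1
    return total, probes, per_client

if __name__ == "__main__":
    total, probes, per_client = summarize(SAMPLE_LOG)
    print(f"{probes} of {total} requests ({100 * probes // total}%) are probes")
    for host, count in per_client.most_common():
        print(f"{count:6d}  {host}")
```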




