[thelist] domain under attack??
Maryanna Nesina
mar at MN1052.srv.pu.ru
Tue Dec 18 08:18:09 CST 2001
Hi, Apache would stay this atack :)) Only IIS-like web servers on Win/NT
would crash. It's Nimda-virus send by those, whose PC are infected. If you
like, you can anilize your log and send letters to their admins (Perl-script
would help) If not - you can do nothing
Regards,
Maryanna Nesina
mar at mail.bio.pu.ru
> hiya!
>
> one of the little domains for which i'm the webmaster appears to be under
> attack. i'm not sure what to do.
>
> the host is all apache. when i look at the list of documents not found in
my
> server log reports, i see a huge list of files the hackers are after,
which
> luckily don't exist, becuase it's not a windows server and i don't use
front
> page:
>
> /scripts/..%5c../winnt/system32/cmd.exe [Referrers] 993
> /scripts/root.exe [Referrers] 981
> /MSADC/root.exe [Referrers] 972
> /c/winnt/system32/cmd.exe [Referrers] 966
> /d/winnt/system32/cmd.exe [Referrers] 959
> /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe [Referrers] 954
> /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe [Referrers] 952
> /msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/system32/cmd.exe
> [Referrers] 951
> /scripts/..Á ../winnt/system32/cmd.exe [Referrers] 948
>
> the numbers after the names are the times they have tried to access the
> files. from looking at my logs, it seems right now that about 50% of the
> site's accesses are these kind of probes.
>
> what should i do, if anything, besides contact my hosting service?
>
> any hints, tips, and advice, deeply appreciated!
>
> tia,
>
> f
>
> --------------------------------------------------------------------------
--
> --------------------
> The views and opinions expressed in this email message are the sender's
> own, and do not necessarily represent the views and opinions of Summit
> Systems Inc.
>
>
> --
> For unsubscribe and other options, including
> the Tip Harvester and archive of TheList go to:
> http://lists.evolt.org Workers of the Web, evolt !
>
More information about the thelist
mailing list