[Xitami] Error log shows hacking attempts?

eric hamel xitami@lists.xitami.org
Sat, 15 Jun 2002 16:05:36 -0700 (PDT)


Someone may have already answered this...I'm a bit
behind on my mail.

Anyway, using your log examples:
This is an example of a Nimda infected server trying
to contact and infect another server (MS)...Xitami is
not vulnerable to this.

24.197.171.236 - - [07/Jun/2002:06:17:55 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 0 "" ""

Next in line-
24.80.126.251 - - [10/Jun/2002:18:53:34 -0600] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN

This is the signature of a Redcode, or is it Codered
infected server reaching out to touch someone...again
Xitami is not affected by it.

The one I'd be concerned about is this one-
63.124.119.130 - - [10/Jun/2002:15:04:22 -0600] "GET /cgi-bin/testcgi HTTP/1.1" 404 0 "http://budogeeks.tzo.com/" "Mozilla/4.0 (compatible; MSIE

I would want to know why someone is looking for
testcgi on the system! At least they got a 404 <LOL>

Actually, the best bet is to run any unusual lines in
the search engines, minus the URLs, and see what
comes up. Also, run a search in the engines for Xitami
exploits and see what you find...then correct it on
your system.

Hope that helped.

Eric


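The triage Eric describes by eye (recognise the Nimda root.exe probe and the Code Red default.ida overflow as worm noise a non-IIS server can ignore, but pull out the /cgi-bin/testcgi request for a closer look) can be scripted over the access log. The following is an added example and not code from the original post or from the Xitami project. It assumes the combined-format log layout shown in the quoted lines, and the sample log embedded in it is constructed from those lines (the long run of N's is shortened, the truncated User-Agent is replaced with a made-up one, and two extra 10.0.0.x lines are invented to show the "served with 200" and "ordinary request" cases).

```python
import re

# One combined-format access log line, as written by Xitami (same layout as
# Apache's "combined" format):
#   ip ident user [timestamp] "METHOD path PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: (?P<proto>HTTP/[\d.]+))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

# Request-path signatures for the two worms named in the post, plus the
# generic /cgi-bin/ probe the post says is worth a second look.
SIGNATURES = (
    # Nimda (and the Code Red II backdoor it reuses) requests root.exe or
    # cmd.exe with "/c+dir" to prove it can run commands on an IIS box.
    ("nimda", re.compile(r"(?:root|cmd)\.exe\?/c\+", re.I)),
    # Code Red overflows the .ida ISAPI filter with a long run of N (v1) or X (v2).
    ("codered", re.compile(r"^/default\.ida\?[NX]{20,}", re.I)),
    # Any request under /cgi-bin/ for a script we never installed is reconnaissance.
    ("cgi-probe", re.compile(r"^/cgi-bin/", re.I)),
)

# Constructed sample log: the three lines from the post (first N-run shortened,
# User-Agent replaced) plus two invented 10.0.0.x lines for contrast.
SAMPLE_LOG = """\
24.197.171.236 - - [07/Jun/2002:06:17:55 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 0 "" ""
24.80.126.251 - - [10/Jun/2002:18:53:34 -0600] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 0 "" ""
63.124.119.130 - - [10/Jun/2002:15:04:22 -0600] "GET /cgi-bin/testcgi HTTP/1.1" 404 0 "http://budogeeks.tzo.com/" "Mozilla/4.0 (compatible)"
10.0.0.5 - - [10/Jun/2002:16:00:00 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 200 1234 "" ""
10.0.0.6 - - [10/Jun/2002:16:01:00 -0600] "GET /index.htm HTTP/1.1" 200 512 "" "Mozilla/4.0 (compatible)"
"""


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not in combined format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(path):
    """Name the first signature the request path matches, else 'unclassified'."""
    for name, pat in SIGNATURES:
        if pat.search(path):
            return name
    return "unclassified"


def severity(label, status):
    """Apply the post's reasoning: worm probes that got a 404 are noise on a
    server that is not IIS, but a worm probe the server actually answered
    with 2xx, or an unexplained CGI probe, needs investigating. Ordinary
    requests are fine when served; failed ones are left for a manual look."""
    if label in ("nimda", "codered"):
        return "investigate" if status // 100 == 2 else "noise"
    if label == "cgi-probe":
        return "investigate"
    return "ok" if status // 100 in (2, 3) else "review"


def triage(log_text):
    """Parse every line and return (ip, path, status, label, severity) tuples.
    Lines that do not parse are kept, labelled 'unparsed', so nothing is lost."""
    rows = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            rows.append((None, line, None, "unparsed", "review"))
            continue
        status = int(rec["status"])
        label = classify(rec["path"])
        rows.append((rec["ip"], rec["path"], status, label, severity(label, status)))
    return rows


def summarize(rows):
    """Count (source IP, label) pairs so a host that keeps probing stands out."""
    counts = {}
    for ip, _path, _status, label, _sev in rows:
        counts[(ip, label)] = counts.get((ip, label), 0) + 1
    return counts


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Feed it a real log with `triage(open("access.log").read())`; the rows marked "investigate" are the ones to chase, and the "review" rows are the unusual lines the post suggests pasting into a search engine, minus the host part of the URL.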