[Xitami] Error log shows hacking attempts?

Gregory Hart xitami@lists.xitami.org
Sat, 15 Jun 2002 20:53:35 -0700


I searched for Xitami exploits and http://www.securiteam.com/ had quite a few of them. They were all for Xitami 2.4 or 2.5, but the
beta versions varied. If you're interested, I'd recommend checking it out.
-Greg

----- Original Message -----
From: eric hamel <erh51@yahoo.com>
To: <xitami@lists.xitami.org>
Sent: Saturday, June 15, 2002 4:05 PM
Subject: Re: [Xitami] Error log shows hacking attempts?


Someone may have already answered this...I'm a bit
behind on my mail.

Anyway, using your log examples:
This is an example of a Nimda infected server trying
to contact and infect another server (MS)...Xitami is
not vulnerable to this.

24.197.171.236 - - [07/Jun/2002:06:17:55 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 0 "" ""

Next in line-
24.80.126.251 - - [10/Jun/2002:18:53:34 -0600] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNN

This is the signature of a Redcode, or is it Codered
infected server reaching out to touch someone...again
Xitami is not affected by it.

The one I'd be concerned about is this one-
63.124.119.130 - - [10/Jun/2002:15:04:22 -0600] "GET /cgi-bin/testcgi HTTP/1.1" 404 0 "http://budogeeks.tzo.com/" "Mozilla/4.0 (compatible; MSIE

I would want to know why someone is looking for
testcgi on the system! At least they got a 404 <LOL>

Actually, the best bet is to run any unusual lines in
the search engines, minus the URLs, and see what
comes up. Also, run a search in the engines of Xitami
exploits and see what you find...then correct it on
your system.

Hope that helped.

Eric
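
The triage described in the message above, as an added example that is not part of the original thread: it labels access-log lines by the three request paths quoted there and reports any probe that was answered with something other than a 404. The sample lines are constructed (documentation IP addresses, one line cut off mid-request like the default.ida entry above), and the names classify, triage and SAMPLE are assumptions of this example.

```python
import re
from collections import Counter

# Request-path patterns taken from the log lines quoted in the thread.
SIGNATURES = [
    ("nimda", re.compile(r"^/scripts/root\.exe\?", re.I)),
    ("code-red", re.compile(r"^/default\.ida\?N{20,}", re.I)),
    ("cgi-probe", re.compile(r"^/cgi-bin/testcgi\b", re.I)),
]
# Common Log Format prefix. The closing quote and the status are optional so
# that a line truncated in the middle of the request still parses.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+)\s+(?P<path>[^\s"]+)'
    r'(?:\s+HTTP/[\d.]+)?"?(?:\s+(?P<status>\d{3}))?'
)

def classify(line):
    """Return (label, ip, status) for one log line, or None if unparseable."""
    m = LINE.match(line)
    if not m:
        return None
    status = int(m["status"]) if m["status"] else None
    for label, pattern in SIGNATURES:
        if pattern.search(m["path"]):
            return label, m["ip"], status
    return "other", m["ip"], status

def triage(lines):
    """Count hits per label; collect known probes that did not get a 404."""
    counts, answered = Counter(), []
    for line in lines:
        hit = classify(line)
        if hit is None:
            counts["unparsed"] += 1
            continue
        label, ip, status = hit
        counts[label] += 1
        if label != "other" and status not in (None, 404):
            answered.append((label, ip, status))
    return counts, answered

SAMPLE = [  # constructed sample input, not real traffic
    '192.0.2.10 - - [07/Jun/2002:06:17:55 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 0 "" ""',
    '198.51.100.7 - - [10/Jun/2002:18:53:34 -0600] "GET /default.ida?' + "N" * 60,
    '203.0.113.5 - - [10/Jun/2002:15:04:22 -0600] "GET /cgi-bin/testcgi HTTP/1.1" 404 0 "" ""',
    '203.0.113.9 - - [10/Jun/2002:15:09:01 -0600] "GET /cgi-bin/testcgi HTTP/1.1" 200 512 "" ""',
    '192.0.2.44 - - [10/Jun/2002:15:10:00 -0600] "GET /index.html HTTP/1.1" 200 1024 "" ""',
    "-- log rotated --",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Entries in the second returned list are the ones to follow up first, since the server answered the probe instead of returning 404.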

