[Gllug] Code Blue
John Hearns
john.hearns at framestore.co.uk
Tue Sep 18 15:45:18 UTC 2001
Looks like there is a new worm out there.
I've had several emails from securityfocus,
and also there's a thread on Slashdot.
We're being quite aggressively scanned at the moment,
for example:
193.96.228.56 - - [18/Sep/2001:14:52:05 +0100] "GET
/MSADC/root.exe?/c+dir HTTP/1.0" 404 208
193.96.228.56 - - [18/Sep/2001:14:52:05 +0100] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218
193.96.228.56 - - [18/Sep/2001:14:52:05 +0100] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218
193.96.228.56 - - [18/Sep/2001:14:52:06 +0100] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
So batten down the hatches, and warn your colleagues running IIS to get
their systems patched...
or run Apache!
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list