[Dshield] Re: Any threats here?

John Hardin johnh at aproposretail.com
Tue Jun 25 16:28:41 GMT 2002


On Tue, 2002-06-25 at 07:16, Michael Johnson wrote:
> Hi all.
> I'm not in panic mode but below are the stats for our "off-site" web-hosted e-mail.  It's a linux box using SquirrelMail version
> 1.0.6;  and Apache (ver unk).  Telnet and ftp have been disabled, and the only I can get a shell is via SSH2 (latest ver).  I see
> most of these are trying to hit NT boxes but are there any which I should be concerned about?
> 
> 
> REPORTED FROM SITE ACTIVITY ERROR LOG:
> cat /var/log/websvr/dweeb.log | awk '{print $1}'
> 
> /scripts/..%255c../winnt/system32/cmd.exe
> /scripts/..%255c../winnt/system32/cmd.exe?/c+dir
> /scripts/..%5c../winnt/system32/cmd.exe
> /scripts/..%5c../winnt/system32/cmd.exe?/c+dir
> /scripts/root.exe

Sigh.

Has anyone done mod_tarpit yet?

-- 
John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
 Any time that PR dominates the information stream, you can't trust
 the information.
                                               - CRYPTO-GRAM 01/2002
-----------------------------------------------------------------------
 5 days until First Class postage goes up to 37 cents




More information about the list mailing list