Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
AW: [suse-security] apache log
  • From: "OKDesign oHG Security Administrator" <security@xxxxxxxxxxx>
  • Date: Mon, 28 Jan 2002 15:02:10 +0100
  • Message-id: <FGEALAMNBLCMCJGBFHKOMECPCCAA.security@xxxxxxxxxxx>
Hi Thomas,

be happy you've changed to Linux Apache.
You seem to be scanned by a worm (the scans I recently have had were from
nimbda) which tries to get in your system by calling cmd.com in different
directories.
As you're now running linux you have nothing to worry; this worm can only
infect windoze-IIS-systems.

Stephan

-----Urspr√ľngliche Nachricht-----
Von: Thomas Neukirch [mailto:thomas.neukirch@xxxxxxxxxxx]
Gesendet: Montag, 28. Januar 2002 14:38
An: suse-security@xxxxxxxx
Betreff: [suse-security] apache log


hi list,

a few month ago i changed my website from microsoft iis to linux/apache.

the following line is in the access_log (same like in iis-log):

213.168.123.157 - - [24/Jan/2002:20:47:25 +0100] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 294

can anyone explain me whats going on here ?

thank you



--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx



< Previous Next >
References