Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] Somebody has tried to break in. What to do with him?
  • From: Douglas Trainor <trainor@xxxxxxx>
  • Date: Fri, 04 Jan 2002 14:38:06 -0600
  • Message-id: <3C3612AE.9E864CCC@xxxxxxx>
You may have a full-time job in the future doing just reporting!

It's somewhat likely that anyone scanning like that would forge the IP address...

douglas

alexeys@xxxxxxxxxxxxx wrote:

> Hello,
>
> look at the log. Is the a way to report on that guy?
>
> - Alexey.
>
> 139.130.148.203 - - [03/Jan/2002:11:45:17 -0800] "HEAD /....../etc/hosts
> HTTP/1.1" 404 0 "-" "Mozilla/5.0"
> 139.130.148.203 - - [03/Jan/2002:11:45:16 -0800] "HEAD /../../../../etc/hosts
> HTTP/1.1" 400 0 "-" "Mozilla/5.0"
> 139.130.148.203 - - [03/Jan/2002:11:36:02 -0800] "HEAD
> /cgi-bin/shop.cgi/page=../../../../etc/passwd HTTP/1.1" 404 0 "-" "Mozilla/5.0"
> 139.130.148.203 - - [03/Jan/2002:11:30:22 -0800] "HEAD /../../passwd HTTP/1.1"
> 400 0 "-" "Mozilla/5.0"
> 139.130.148.203 - - [03/Jan/2002:11:30:19 -0800] "HEAD /../../passwd HTTP/1.1"
> 400 0 "-" "Mozilla/5.0"
> 139.130.148.203 - - [03/Jan/2002:11:30:16 -0800] "HEAD /../../../etc/passwd
> HTTP/1.1" 400 0 "-" "Mozilla/5.0"
> 139.130.148.203 - - [03/Jan/2002:11:30:13 -0800] "HEAD /../../../../etc/passwd
> HTTP/1.1" 400 0 "-" "Mozilla/5.0"
> 139.130.148.203 - - [03/Jan/2002:11:30:10 -0800] "HEAD /../../etc/passwd
> HTTP/1.1" 400 0 "-" "Mozilla/5.0"
>
> { http://trelony.cjb.net/ } Alexey N. Solofnenko
> { http://www.inventigo.com/ } Inventigo LLC
> Pleasant Hill, CA (GMT-8 usually)
>
> -------------------------------------------------
> This mail sent through IMP: https://mail.inventigo.com/horde/imp/
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx


< Previous Next >
Follow Ups
References