> -----Original Message----- > From: Joshua Melbourne White [mailto:jmwhite3@ncsu.edu] > Sent: Tuesday, November 26, 2002 7:02 AM > To: psyche-list@redhat.com > Subject: Re: Mmm.. Is someone trying to hack me? > > > Thanks for the input. I tried doing what you said with > iptables, but it > doesnt recognize it as a command. Any suggestions? I would just ignore it. I believe it is the Nimda virus that started about a year ago. Someone has a compromised Win IIS server, which is trying to spread the worm. I still get these to this day, but not near the volume. The fortunate thing is that it only affects IIS and not Apache as is evidenced by the failure below. > > > 199.203.11.241 - - [26/Nov/2002:01:43:58 -0500] "GET > > > /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" > 404 346 "-" "-" > > > > > > Doesn't look too good to me. Can someone explain what > this person was > > > trying to do? Whatever he did, it gave the following error: > > > > > > [Tue Nov 26 01:43:58 2002] [error] [client > 199.203.11.241] File does not > > > exist: /var/www/html/scripts > > > > > > Thanks for any help. JMF -- Psyche-list mailing list Psyche-list@redhat.com https://listman.redhat.com/mailman/listinfo/psyche-list
