From owner-freebsd-stable Thu Dec 27 18:53:46 2001 Delivered-To: freebsd-stable@freebsd.org Received: from pr0n.kutulu.org (pr0n.kutulu.org [151.196.107.157]) by hub.freebsd.org (Postfix) with ESMTP id DEEC737B416 for ; Thu, 27 Dec 2001 18:53:43 -0800 (PST) Received: from cc191573g (cc191573-g.longhill1.md.home.com [24.37.104.136]) by pr0n.kutulu.org (Postfix) with SMTP id 7E7D9E2; Thu, 27 Dec 2001 21:55:27 -0500 (EST) Message-ID: <00be01c18f62$d67b5b20$88682518@cc191573g> From: "Kutulu" To: "Peter Ong" , References: <013a01c18f48$f156cf20$0101a8c0@haloflightleader.net> Subject: Re: Trying NT Hacks Date: Thu, 27 Dec 2001 21:45:20 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG From: "Peter Ong" Sent: Thursday, December 27, 2001 6:39 PM > I don't know what it is with some people. I post my site here today because > I was wondering about why the initial page was gibberrish, and then I get > crackers. I finally get home, and I'm reviewing my log files, and I'm > seeing some folks trying to use IIS/NT exploits on my FreeBSD machine. It's > infuriating. I have some bad news for you. Those hack attempts weren't because you posted a URL here. They were because you have a web server. Put up a web server on any IP, without so much as a DNS A record for the IP, and wait an hour. You'll have code red all over your logfiles. It may or may not do much good, but try emailing the owners of some of the IP's that hit you. Odds are very very high that they are 'innocent' victims running unpatched IIS servers that may not even know they're probing you. And if they have any semblance of clue, they might fix it. --K To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message