From owner-freebsd-stable Thu Dec 27 18:56: 2 2001 Delivered-To: freebsd-stable@freebsd.org Received: from viator.haloflightleader.net (adsl-63-197-56-193.dsl.lsan03.pacbell.net [63.197.56.193]) by hub.freebsd.org (Postfix) with ESMTP id AC77637B416 for ; Thu, 27 Dec 2001 18:55:56 -0800 (PST) Received: from enterprise ([192.168.1.254]) by viator.haloflightleader.net (8.11.6/8.11.6) with SMTP id fBS3lWp02925; Thu, 27 Dec 2001 19:47:32 -0800 (PST) (envelope-from peter@haloflightleader.net) Message-ID: <016001c18f4a$da2fc480$0101a8c0@haloflightleader.net> From: "Peter Ong" To: "Kutulu" , References: <013a01c18f48$f156cf20$0101a8c0@haloflightleader.net> <00be01c18f62$d67b5b20$88682518@cc191573g> Subject: Re: Trying NT Hacks Date: Thu, 27 Dec 2001 18:53:38 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I guess I'm judging too quickly. Anyway, there hasn't been a successful break in just yet. Now I'm wondering if there's some extra precautions I can take to ensure that a break in doesn't occur. Peter ----- Original Message ----- From: "Kutulu" To: "Peter Ong" ; Sent: Thursday, December 27, 2001 9:45 PM Subject: Re: Trying NT Hacks > From: "Peter Ong" > Sent: Thursday, December 27, 2001 6:39 PM > > > > I don't know what it is with some people. I post my site here today > because > > I was wondering about why the initial page was gibberrish, and then I get > > crackers. I finally get home, and I'm reviewing my log files, and I'm > > seeing some folks trying to use IIS/NT exploits on my FreeBSD machine. > It's > > infuriating. > > I have some bad news for you. Those hack attempts weren't because you > posted a URL here. They were because you have a web server. Put up a web > server on any IP, without so much as a DNS A record for the IP, and wait an > hour. You'll have code red all over your logfiles. > > It may or may not do much good, but try emailing the owners of some of the > IP's that hit you. Odds are very very high that they are 'innocent' victims > running unpatched IIS servers that may not even know they're probing you. > And if they have any semblance of clue, they might fix it. > > --K > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message