From owner-freebsd-questions Fri Nov 16 1:16:55 2001 Delivered-To: freebsd-questions@freebsd.org Received: from spaceport.skyforge.net (spaceport.skyforge.net [217.204.199.162]) by hub.freebsd.org (Postfix) with ESMTP id 403B437B416 for ; Fri, 16 Nov 2001 01:16:51 -0800 (PST) Received: from bubbles (bubbles.skyforge.net [217.204.199.165]) by spaceport.skyforge.net (8.12.1/8.11.6) with SMTP id fAG9Gx7c070351; Fri, 16 Nov 2001 09:17:00 GMT (envelope-from davidr@skyforge.net) Message-ID: <005b01c16e7f$7792dce0$a5c7ccd9@skyforge.net> From: "David Richards" To: "Keith Spencer" Cc: References: <20011116024710.22642.qmail@web12005.mail.yahoo.com> Subject: Re: Is this an attack guys???Help! Date: Fri, 16 Nov 2001 09:17:07 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 Disposition-Notification-To: "David Richards" X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG yes and no! it is the IIS virus scanner scanning your machine for iis to expliot, As you dont run IIS you can ignore the messages. if you go to www.freebsddiary.org I believe there is an article on how to block it. david ----- Original Message ----- From: "Keith Spencer" To: "fbsd" Sent: Friday, November 16, 2001 2:47 AM Subject: Is this an attack guys???Help! > Hi all, > This is an Apache error log snippet. > My server is infact FreeBSD 4.4 > I often find these page request errors from the same > address or one of the same C-class space. > IT looks lke an attack to me...What thinks you? > Thanks Keith > +++++++++++++++++++++++++++++++++++ > [Fri Nov 16 12:05:42 2001] [error] [client > 203.56.114.7] File does not exist: > /usr/share/wwwroot/www/scripts/root.exe > [Fri Nov 16 12:05:42 2001] [error] [client > 203.56.114.7] File does not exist: > /usr/share/wwwroot/www/MSADC/root.exe > [Fri Nov 16 12:05:43 2001] [error] [client > 203.56.114.7] File does not exist: > /usr/share/wwwroot/www/c/winnt/system32/cmd.exe > [Fri Nov 16 12:05:43 2001] [error] [client > 203.56.114.7] File does not exist: > /usr/share/wwwroot/www/d/winnt/system32/cmd.exe > [Fri Nov 16 12:05:44 2001] [error] [client > 203.56.114.7] File does not exist: > /usr/share/wwwroot/www/scripts/..%5c../winnt/system32/cmd.exe > [Fri Nov 16 12:05:45 2001] [error] [client > 203.56.114.7] File does not exist: > /usr/share/wwwroot/www/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.e xe > [Fri Nov 16 12:05:45 2001] [error] [client > 203.56.114.7] File does not exist: > /usr/share/wwwroot/www/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.e xe > [Fri Nov 16 12:05:46 2001] [error] [client > 203.56.114.7] File does not exist: > /usr/share/wwwroot/www/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winn t/system32/cmd.exe > [Fri Nov 16 12:05:47 2001] [error] [client > 203.56.114.7] File does not exist: > /usr/share/wwwroot/www/scripts/..Á../winnt/system32/cmd.exe > [Fri Nov 16 12:05:47 2001] [error] [client > 203.56.114.7] File does not exist: > /usr/share/wwwroot/www/scripts/..À¯../winnt/system32/cmd.exe > [Fri Nov 16 12:05:48 2001] [error] [client > 203.56.114.7] File does not exist: > /usr/share/wwwroot/www/scripts/..Áo../winnt/system32/cmd.exe > [Fri Nov 16 12:05:49 2001] [error] [client > 203.56.114.7] File does not exist: > /usr/share/wwwroot/www/scripts/..%5c../winnt/system32/cmd.exe > [Fri Nov 16 12:05:50 2001] [error] [client > 203.56.114.7] File does not exist: > /usr/share/wwwroot/www/scripts/..%2f../winnt/system32/cmd.exe > > > http://shopping.yahoo.com.au - Yahoo! Shopping > - Get organised for Christmas early this year! > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message