From owner-freebsd-questions Fri Feb 22 7:43:25 2002
From: freymann@scaryg.shacknet.nu
To: Jim Freeze, freebsd-questions@freebsd.org
Date: Fri, 22 Feb 2002 10:44:34 -0500
Subject: Re: Script Kiddies Trying to Hack Me?
Message-ID: <3C762112.26179.65CEBA@localhost>
In-reply-to: <20020222102602.A14033@freebsdportal.com>

On 22 Feb 2002 at 10:26, Jim Freeze wrote:

> I was just browsing my log files on a site/ip address that has
> been live less than 12 hrs and came across:
>
> 63.219.136.226 - - [22/Feb/2002:09:29:18 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 285
> 63.219.136.226 - - [22/Feb/2002:09:29:18 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404

Nimda. Read this URL:

http://www.sarc.com/avcenter/venc/data/w32.nimda.a@mm.html

Nothing to worry 'bout on Unix platforms, it's strictly a Microsoft IIS exploit.

There are some neat modules you can load into Apache that will automatically respond and email the admins of the remote systems. Go to cpan.org and search for Apache::CodeRed and Apache::Nimba if you want to do that.

Gerry
--------
Web hosting / Domain Hosting / Dns Services
Come visit us at www.interpool.ca
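
As an added example (not part of the original message or of the CPAN modules it mentions), the kind of log triage described in this thread can be scripted: the sketch below tallies IIS-worm probes per source in an Apache common-format access log and flags any probe that did not get a 4xx response. The `root.exe` pattern comes from the quoted log; the `cmd.exe` and `default.ida` patterns, the function names, and the sample lines (which use documentation-range addresses) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Apache common log format: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# root.exe is taken from the log quoted in the message. cmd.exe (Nimda) and
# default.ida (Code Red) are assumed additions, not values from the page.
SIGNATURES = [
    ("nimda", re.compile(r'/(root|cmd)\.exe(\?|$)', re.I)),
    ("codered", re.compile(r'^/default\.ida(\?|$)', re.I)),
]

# Constructed sample input (documentation-range addresses, not real hosts).
SAMPLE = [
    '192.0.2.10 - - [22/Feb/2002:09:29:18 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 285',
    '192.0.2.10 - - [22/Feb/2002:09:29:18 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 283',
    '192.0.2.10 - - [22/Feb/2002:09:29:19 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297',
    '198.51.100.7 - - [22/Feb/2002:09:31:02 -0500] "GET /default.ida?NNNNNNNN HTTP/1.0" 200 512',
    '203.0.113.5 - - [22/Feb/2002:09:32:40 -0500] "GET /index.html HTTP/1.0" 200 1043',
    'not a log line',
]

def classify(target):
    """Return the worm family a request target matches, or None."""
    for name, pattern in SIGNATURES:
        if pattern.search(target):
            return name
    return None

def scan(lines):
    """Count probes per source host; list probe targets not answered with 4xx."""
    report = defaultdict(lambda: {"nimda": 0, "codered": 0, "served": []})
    for line in lines:
        m = LOG_RE.match(line.strip())
        worm = classify(m["target"]) if m else None
        if worm is None:
            continue  # unparseable line or ordinary request
        entry = report[m["host"]]
        entry[worm] += 1
        if not m["status"].startswith("4"):
            # A probe answered with something other than 4xx deserves a look.
            entry["served"].append(m["target"])
    return dict(report)

if __name__ == "__main__":
    for host, info in scan(SAMPLE).items():
        print(host, info)
```

A host whose probes all returned 404, as in the quoted log, ends up with an empty `served` list; anything in that list means a file matching a probe path was actually answered and should be checked.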