From: "Dave"
Delivered-To: freebsd-isp@freebsd.org
Subject: hack or virus?
Date: Wed, 26 Sep 2001 10:39:32 -0400

Have a bunch of Apache error log entries appearing recently... did a traceroute/dig etc... on the IP address... nothing, suspect this is an infected Windows box trying to propagate its virus payload. Or is some kid trying to hack us?

[Wed Sep 26 10:22:02 2001] [error] [client 204.50.92.13] File does not exist: /usr/local/www/data/nx1/scripts/..Áœ../winnt/system32/cmd.exe
[Wed Sep 26 10:22:03 2001] [error] [client 204.50.92.13] File does not exist: /usr/local/www/data/nx1/scripts/..%5c../winnt/system32/cmd.exe
[Wed Sep 26 10:22:03 2001] [error] [client 204.50.92.13] File does not exist: /usr/local/www/data/nx1/scripts/..%2f../winnt/system32/cmd.exe

Obviously this particular incident isn't bothering us greatly since we don't have any NT servers in our network, however it is disturbing.

Comments or insights appreciated.

Dave
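Added example, not part of the original post: a small triage script for error_log entries of the kind quoted above. It groups "File does not exist" entries by client when the path combines an encoded `..` traversal with a Windows-only target. The function names, the benign sample line and its 192.0.2.7 address are constructed for illustration; the document root is the one visible in the quoted log.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache error_log "File does not exist" entry, in the format quoted in the post.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9.]+)\] "
    r"File does not exist: (?P<path>.+)$")
# ".." joined to ".." by percent-escapes or non-ASCII bytes instead of a plain "/".
TRAVERSAL_RE = re.compile(r"\.\.(?:%[0-9a-fA-F]{2}|[^\x00-\x7f])+\.\.")
# Windows-only targets that cannot exist under a Unix document root.
WINDOWS_RE = re.compile(r"/winnt/|cmd\.exe$", re.IGNORECASE)

# Constructed sample: the three entries from the post plus one made-up benign 404.
SAMPLE = """\
[Wed Sep 26 10:22:02 2001] [error] [client 204.50.92.13] File does not exist: /usr/local/www/data/nx1/scripts/..Áœ../winnt/system32/cmd.exe
[Wed Sep 26 10:22:03 2001] [error] [client 204.50.92.13] File does not exist: /usr/local/www/data/nx1/scripts/..%5c../winnt/system32/cmd.exe
[Wed Sep 26 10:22:03 2001] [error] [client 204.50.92.13] File does not exist: /usr/local/www/data/nx1/scripts/..%2f../winnt/system32/cmd.exe
[Wed Sep 26 10:25:40 2001] [error] [client 192.0.2.7] File does not exist: /usr/local/www/data/nx1/favicon.ico
"""

def parse(line):
    """Return (timestamp, client_ip, path) or None for unrelated lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"), m["ip"], m["path"]

def summarize(log_text, docroot="/usr/local/www/data/nx1"):
    """Group traversal probes for Windows paths by client IP."""
    hits = defaultdict(list)
    for ts, ip, path in filter(None, map(parse, log_text.splitlines())):
        rel = path[len(docroot):] if path.startswith(docroot) else path
        m = TRAVERSAL_RE.search(rel)
        if m and WINDOWS_RE.search(rel):
            hits[ip].append((ts, m.group(0)))
    report = {}
    for ip, probes in hits.items():
        times = [t for t, _ in probes]
        report[ip] = {
            "probes": len(probes),
            "span_seconds": (max(times) - min(times)).total_seconds(),
            "variants": sorted({v for _, v in probes}),
        }
    return report

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info)
```

For each flagged client the report gives the number of probes, the time between the first and last one, and the distinct separator encodings tried, which is the summary to attach when reporting the address to its network owner.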