Date: Sun, 08 Apr 2001 00:33:21 +1000 From: Kal Torak <kaltorak@quake.com.au> To: Jim Weeks <jim@siteplus.com> Cc: freebsd-isp@freebsd.org Subject: Re: Look familiar? Message-ID: <3ACF2531.49B7CC17@quake.com.au> References: <3ACF1957.E9177B52@siteplus.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Jim Weeks wrote: > > While checking one of my apache error logs this morning, I find a long > list of the following error. > I was wondering if it makes sense to anyone? I am especially curious > about characters "À¯". > > [Sat Apr 7 05:55:02 2001] [error] [client 207.31.75.150] File does not > exist: > /usr/local/www/data/scripts/..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯/winnt/system32/cmd.exe > > [Sat Apr 7 05:55:02 2001] [error] [client 207.31.75.150] File does not > exist: > /usr/local/www/data/scripts/..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯/winnt/system32/cmd.exe Looks like some sort of buffer overflow attack, and they are then trying to spawn the cmd shell (if you can even call it a shell)... Since your unix system is not windows, even if the buffer overflow worked they sure wouldnt be able to run cmd.exe :P Obviously this is one of the great new holes in NT + ISS that are found every second day... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3ACF2531.49B7CC17>