OT... I AM BEING HACKED!!!

Possessed Freak · Sep 18, 2001

look

wtf is that?
this just started today, I have not loaded any new software or settings on it in weeks, why today?
some new thing out there!!??

HELP!!!!

Wellcky · Sep 18, 2001

I might be the W32/Nimda@MM worm!?

SphincterLord · Sep 18, 2001

Most likely... I work at the University of Washington and the entire campus is getting hammered... damn IIS worms...

SL

If you have IIS then disable it... otherwise you should be fine...

Possessed Freak · Sep 18, 2001

could be, I dunno, I am just at a loss, I log in to see how my home computer is doing and wham...

I am at school now, I hope nothing bad is happening

Beefcake · Sep 18, 2001

yeh, it looks like it is just searching for anything it can find on your web server, doesnt seem to able to access much but the scripts etc..

Beefcake · Sep 18, 2001

it IS this.. I'm sure coz if you goto the web site of the person who is connecting to you he has these symptoms:

In addition, the worm sends out probes to Microsoft IIS servers attempting to spread itself by using the Unicode Web Traversal exploit similar to W32.BlueCode.Worm. Compromised servers may display a webpage prompting a visitor to download an Outlook file which contains the worm as an attachment.

It tries to open an email attachment... doh!!

More info:

Info

Beefcake · Sep 18, 2001

Well not to worry, they are also probing my pc, I know for a fact I'm not infected though because my antivirus will detect it, I guess its nothing to worry about if you are patched/anti virus up todate.

If not there is plenty on the url I posted above on how to remove it/patch it.

Possessed Freak · Sep 18, 2001

yeah, thx
whew

Beefcake · Sep 18, 2001

17:36:23 212.187.228.XXX GET /scripts/..Á../winnt/system32/cmd.exe 500
17:36:23 212.187.228.XXX GET /scripts/winnt/system32/cmd.exe 404
17:36:23 212.187.228.XXX GET /winnt/system32/cmd.exe 404
17:36:23 212.187.228.XXX GET /winnt/system32/cmd.exe 404

Above is part of my log file, I just noticed that you dont have the 404 error numbers at the end of your log files, so it looks like your machine might be vunerable

Possessed Freak · Sep 18, 2001

I am not worried because this does not show a 404 yet I know it does not exist:
3:20pm: Http: 24.176.179.82 default.ida

bot2600 · Sep 18, 2001

damn, check this

Bot

bot2600 · Sep 18, 2001

That first line was actually repeated ~50 times, I shortened it somewhat since I didn't think you wanted to see 2 pages of that...

Bot

Paulson · Sep 18, 2001

My log is looking like that too :|

Wonder what's up...

I have a huge log for today... :|

Dale · Sep 18, 2001

PF as Wellcky said, it is the W32/Nimda@MM worm probing your computer or rather your server, since you are running SetiQueue it does not respond to most server commands..

most likely you will suffer no harm, other than the log file getting
very big.. if this continues to grow..

..Dale

Russ · Sep 18, 2001

HMM...I'm showing no attempts on my Win2K server, but a boatload on my Linux server. The two IP addresses are only one digit apart. I guess since the Windows box hasn't been up very long, it's not yet discovered.

Russ, NCNE

aiex · Sep 18, 2001

wow sugar take a look at my logs, this is just a very small section for today:

#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2001-09-18 15:23:55
#Fields: time c-ip cs-method cs-uri-stem sc-status
15:23:55 213.2.231.201 GET /scripts/root.exe 404
15:24:04 213.2.231.201 GET /MSADC/root.exe 404
15:24:13 213.2.231.201 GET /c/winnt/system32/cmd.exe 404
15:24:20 213.2.231.201 GET /d/winnt/system32/cmd.exe 404
15:24:21 213.2.231.201 GET /scripts/..%5c../winnt/system32/cmd.exe 200
15:25:10 213.2.231.201 GET /scripts/..%5c../winnt/system32/cmd.exe 502
15:25:18 213.2.231.201 GET /scripts/..%5c../winnt/system32/cmd.exe 502
15:25:28 213.2.231.201 GET /scripts/..%5c../winnt/system32/cmd.exe 502
15:25:36 213.2.231.201 GET /scripts/..%5c../Admin.dll 500
15:25:44 213.2.231.201 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
15:25:52 213.2.231.201 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
15:25:55 213.2.231.201 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe 500
15:25:55 213.2.231.201 GET /scripts/..Á../winnt/system32/cmd.exe 500
15:25:58 213.2.231.201 GET /scripts/winnt/system32/cmd.exe 404
15:26:06 213.2.231.201 GET /winnt/system32/cmd.exe 404
15:26:16 213.2.231.201 GET /winnt/system32/cmd.exe 404
15:26:24 213.2.231.201 GET /scripts/..%5c../winnt/system32/cmd.exe 200
15:27:20 213.2.231.201 GET /scripts/..%5c../winnt/system32/cmd.exe 502
15:27:35 213.1.0.36 GET /scripts/root.exe 404
15:40:10 213.1.33.172 GET /scripts/root.exe 404
15:40:16 213.1.33.172 GET /MSADC/root.exe 404
15:40:20 213.1.33.172 GET /c/winnt/system32/cmd.exe 404
15:40:23 213.1.33.172 GET /d/winnt/system32/cmd.exe 404
15:40:26 213.1.33.172 GET /scripts/..%5c../winnt/system32/cmd.exe 200
15:41:16 213.1.33.172 GET /scripts/..%5c../winnt/system32/cmd.exe 502
15:41:19 213.1.33.172 GET /scripts/..%5c../winnt/system32/cmd.exe 502
15:41:22 213.1.33.172 GET /scripts/..%5c../winnt/system32/cmd.exe 502
15:41:25 213.1.33.172 GET /scripts/..%5c../Admin.dll 500
15:41:28 213.1.33.172 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
15:41:31 213.1.33.172 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
15:41:35 213.1.33.172 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe 500
15:41:38 213.1.33.172 GET /scripts/..Á../winnt/system32/cmd.exe 500
15:41:41 213.1.33.172 GET /scripts/winnt/system32/cmd.exe 404
15:41:44 213.1.33.172 GET /winnt/system32/cmd.exe 404
15:41:47 213.1.33.172 GET /winnt/system32/cmd.exe 404
15:41:50 213.1.33.172 GET /scripts/..%5c../winnt/system32/cmd.exe 200
15:42:41 213.1.33.172 GET /scripts/..%5c../winnt/system32/cmd.exe 502
15:42:46 213.1.33.172 GET /scripts/..%5c../winnt/system32/cmd.exe 502
15:42:51 213.1.33.172 GET /scripts/..%5c../winnt/system32/cmd.exe 502
15:42:58 213.1.33.172 GET /scripts/..%5c../Admin.dll 500
15:43:01 213.1.33.172 GET /scripts/..%5c../winnt/system32/cmd.exe 200
15:43:53 213.1.33.172 GET /scripts/..%5c../winnt/system32/cmd.exe 502
15:43:57 213.1.33.172 GET /scripts/..%5c../winnt/system32/cmd.exe 502
15:44:03 213.1.33.172 GET /scripts/..%5c../winnt/system32/cmd.exe 502
15:44:06 213.1.33.172 GET /scripts/..%5c../Admin.dll 500
15:44:12 213.1.33.172 GET /scripts/..%5c../winnt/system32/cmd.exe 200
15:44:17 213.1.33.172 GET /scripts/..%5c../winnt/system32/cmd.exe 502
15:44:22 213.1.33.172 GET /scripts/..%5c../winnt/system32/cmd.exe 502
15:44:27 213.1.33.172 GET /scripts/..%5c../winnt/system32/cmd.exe 502
15:44:31 213.1.33.172 GET /scripts/..%5c../Admin.dll 500
15:44:37 213.1.33.172 GET /scripts/..%2f../winnt/system32/cmd.exe 200
15:44:42 213.1.33.172 GET /scripts/..%2f../winnt/system32/cmd.exe 502
15:44:46 213.1.33.172 GET /scripts/..%2f../winnt/system32/cmd.exe 502
15:44:49 213.1.33.172 GET /scripts/..%2f../winnt/system32/cmd.exe 502
15:44:56 213.1.33.172 GET /scripts/..%2f../Admin.dll 500
15:47:48 213.1.10.41 GET /scripts/root.exe 404
15:47:51 213.1.10.41 GET /MSADC/root.exe 404
15:47:53 213.1.10.41 GET /c/winnt/system32/cmd.exe 404
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2001-09-18 16:15:23
#Fields: time c-ip cs-method cs-uri-stem sc-status
16:15:20 213.136.14.69 GET /scripts/root.exe 404
16:15:23 213.136.14.69 GET /MSADC/root.exe 404
16:15:27 213.136.14.69 GET /c/winnt/system32/cmd.exe 404
16:15:29 213.136.14.69 GET /d/winnt/system32/cmd.exe 404
16:15:36 213.136.14.69 GET /scripts/..%5c../winnt/system32/cmd.exe 200
16:16:37 213.136.14.69 GET /scripts/..%5c../winnt/system32/cmd.exe 502
16:24:11 213.1.39.160 GET /scripts/root.exe 404
16:24:25 213.1.39.160 GET /MSADC/root.exe 404
16:27:30 213.66.113.252 GET /default.ida 200
16:30:38 213.26.24.72 GET /scripts/root.exe 404
16:30:45 213.26.24.72 GET /MSADC/root.exe 404
16:30:51 213.26.24.72 GET /c/winnt/system32/cmd.exe 404
16:30:57 213.26.24.72 GET /d/winnt/system32/cmd.exe 404
16:31:04 213.26.24.72 GET /scripts/..%5c../winnt/system32/cmd.exe 200
16:31:56 213.26.24.72 GET /scripts/..%5c../winnt/system32/cmd.exe 502
16:32:49 213.26.24.72 GET /scripts/..%5c../winnt/system32/cmd.exe 502
16:32:52 213.26.24.72 GET /scripts/..%5c../winnt/system32/cmd.exe 502
16:32:56 213.26.24.72 GET /scripts/..%5c../Admin.dll 500
16:33:02 213.26.24.72 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
16:33:10 213.26.24.72 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
16:33:17 213.26.24.72 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe 500
16:33:20 213.26.24.72 GET /scripts/..Á../winnt/system32/cmd.exe 500
16:33:27 213.26.24.72 GET /scripts/winnt/system32/cmd.exe 404
16:33:38 213.26.24.72 GET /winnt/system32/cmd.exe 404
16:33:46 213.26.24.72 GET /winnt/system32/cmd.exe 404
16:33:55 213.26.24.72 GET /scripts/..%5c../winnt/system32/cmd.exe 200
16:34:47 213.26.24.72 GET /scripts/..%5c../winnt/system32/cmd.exe 502
16:35:41 213.26.24.72 GET /scripts/..%5c../winnt/system32/cmd.exe 502
16:35:47 213.26.24.72 GET /scripts/..%5c../winnt/system32/cmd.exe 502
16:35:52 213.26.24.72 GET /scripts/..%5c../Admin.dll 500
16:35:58 213.26.24.72 GET /scripts/..%5c../winnt/system32/cmd.exe 200
16:36:03 213.26.24.72 GET /scripts/..%5c../winnt/system32/cmd.exe 502
16:36:08 213.26.24.72 GET /scripts/..%5c../winnt/system32/cmd.exe 502
16:36:13 213.26.24.72 GET /scripts/..%5c../winnt/system32/cmd.exe 502
16:36:16 213.26.24.72 GET /scripts/..%5c../Admin.dll 500
16:44:45 213.182.142.90 GET /scripts/root.exe 404
16:44:51 213.182.142.90 GET /MSADC/root.exe 404
16:44:56 213.182.142.90 GET /c/winnt/system32/cmd.exe 404
16:45:02 213.182.142.90 GET /d/winnt/system32/cmd.exe 404
16:45:08 213.182.142.90 GET /scripts/..%5c../winnt/system32/cmd.exe 200
16:45:12 213.182.142.90 GET /scripts/..%5c../winnt/system32/cmd.exe 502
16:45:17 213.182.142.90 GET /scripts/..%5c../winnt/system32/cmd.exe 502
16:45:23 213.182.142.90 GET /scripts/..%5c../winnt/system32/cmd.exe 502
16:45:26 213.182.142.90 GET /scripts/..%5c../Admin.dll 500
16:45:32 213.182.142.90 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
16:45:36 213.182.142.90 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
16:45:43 213.182.142.90 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe 500
16:45:48 213.182.142.90 GET /scripts/..Á../winnt/system32/cmd.exe 500
16:45:51 213.182.142.90 GET /scripts/winnt/system32/cmd.exe 404
16:45:57 213.182.142.90 GET /winnt/system32/cmd.exe 404
16:46:04 213.182.142.90 GET /winnt/system32/cmd.exe 404
16:46:11 213.182.142.90 GET /scripts/..%5c../winnt/system32/cmd.exe 200
16:47:04 213.182.142.90 GET /scripts/..%5c../winnt/system32/cmd.exe 502
16:47:09 213.182.142.90 GET /scripts/..%5c../winnt/system32/cmd.exe 502
16:47:15 213.182.142.90 GET /scripts/..%5c../winnt/system32/cmd.exe 502
16:53:54 213.1.0.36 GET /scripts/root.exe 404
16:54:40 213.1.2.227 GET /scripts/root.exe 404
16:54:48 213.1.2.227 GET /MSADC/root.exe 404
16:54:58 213.1.2.227 GET /c/winnt/system32/cmd.exe 404
16:55:06 213.1.2.227 GET /d/winnt/system32/cmd.exe 404
17:06:53 213.53.243.242 GET /scripts/root.exe 404
17:07:01 213.53.243.242 GET /MSADC/root.exe 404
17:08:23 213.68.236.34 GET /scripts/root.exe 404
17:08:24 213.68.236.34 GET /MSADC/root.exe 404
17:08:24 213.68.236.34 GET /c/winnt/system32/cmd.exe 404
17:08:26 213.68.236.34 GET /d/winnt/system32/cmd.exe 404
17:08:27 213.68.236.34 GET /scripts/..%5c../winnt/system32/cmd.exe 200
17:08:29 213.53.243.242 GET /c/winnt/system32/cmd.exe 404
17:08:35 213.53.243.242 GET /d/winnt/system32/cmd.exe 404
17:08:42 213.1.241.3 GET /scripts/root.exe 404
17:08:46 213.1.241.3 GET /MSADC/root.exe 404
17:08:54 213.1.241.3 GET /c/winnt/system32/cmd.exe 404
17:09:00 213.1.241.3 GET /d/winnt/system32/cmd.exe 404
17:09:00 213.53.243.242 GET /scripts/..%5c../winnt/system32/cmd.exe 200
17:09:08 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 200
17:09:15 213.68.236.34 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:09:20 213.68.236.34 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:09:23 213.68.236.34 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:09:27 213.68.236.34 GET /scripts/..%5c../Admin.dll 500
17:09:30 213.68.236.34 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
17:09:35 213.68.236.34 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
17:09:41 213.68.236.34 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe 500
17:09:55 213.53.243.242 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:10:02 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:10:48 213.53.243.242 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:10:57 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:11:50 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:11:56 213.1.241.3 GET /scripts/..%5c../Admin.dll 500
17:12:02 213.1.241.3 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
17:12:15 213.1.241.3 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
17:12:21 213.1.241.3 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe 500
17:12:26 213.1.241.3 GET /scripts/..Á../winnt/system32/cmd.exe 500
17:12:32 213.1.241.3 GET /scripts/winnt/system32/cmd.exe 404
17:12:41 213.1.241.3 GET /winnt/system32/cmd.exe 404
17:12:47 213.1.241.3 GET /winnt/system32/cmd.exe 404
17:12:54 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 200
17:13:01 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:13:07 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:13:14 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:13:19 213.1.241.3 GET /scripts/..%5c../Admin.dll 500
17:13:26 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 200
17:13:31 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:13:37 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:13:43 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:13:55 213.1.241.3 GET /scripts/..%5c../Admin.dll 500
17:14:04 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 200
17:14:09 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:14:16 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:14:21 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:14:28 213.1.241.3 GET /scripts/..%5c../Admin.dll 500
17:14:35 213.1.241.3 GET /scripts/..%2f../winnt/system32/cmd.exe 200
17:14:42 213.1.241.3 GET /scripts/..%2f../winnt/system32/cmd.exe 502
17:14:47 213.1.241.3 GET /scripts/..%2f../winnt/system32/cmd.exe 502
17:14:54 213.1.241.3 GET /scripts/..%2f../winnt/system32/cmd.exe 502
17:14:59 213.1.241.3 GET /scripts/..%2f../Admin.dll 500
17:18:25 204.165.161.36 GET /default.ida 200
17:20:07 213.1.241.3 GET /scripts/root.exe 404
17:20:14 213.1.241.3 GET /MSADC/root.exe 404
17:20:20 213.1.241.3 GET /c/winnt/system32/cmd.exe 404
17:20:26 213.1.241.3 GET /d/winnt/system32/cmd.exe 404
17:20:34 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 200
17:20:39 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:20:43 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:20:49 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:20:57 213.1.241.3 GET /scripts/..%5c../Admin.dll 500
17:21:00 213.1.241.3 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
17:21:07 213.1.241.3 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
17:21:14 213.1.241.3 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe 500
17:21:20 213.1.241.3 GET /scripts/..Á../winnt/system32/cmd.exe 500
17:21:26 213.1.241.3 GET /scripts/winnt/system32/cmd.exe 404
17:21:34 213.1.241.3 GET /winnt/system32/cmd.exe 404
17:21:42 213.1.241.3 GET /winnt/system32/cmd.exe 404
17:21:50 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 200
17:21:56 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:22:01 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:22:09 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:22:15 213.1.241.3 GET /scripts/..%5c../Admin.dll 500
17:22:22 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 200
17:22:28 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:22:34 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:22:41 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:22:48 213.1.241.3 GET /scripts/..%5c../Admin.dll 500
17:22:52 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 200
17:22:58 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:23:06 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:23:10 213.1.241.3 GET /scripts/..%5c../winnt/system32/cmd.exe 502
17:23:15 213.1.241.3 GET /scripts/..%5c../Admin.dll 500
17:23:21 213.1.241.3 GET /scripts/..%2f../winnt/system32/cmd.exe 200
17:23:25 213.1.241.3 GET /scripts/..%2f../winnt/system32/cmd.exe 502
17:23:33 213.1.241.3 GET /scripts/..%2f../winnt/system32/cmd.exe 502
17:30:18 213.100.91.80 GET /scripts/root.exe 404

IBhacknU · Sep 18, 2001

<---- "you mess with the bull, you get the horns"

Just kidding of course. I hope things are back to normal for you soon Possessed Freak

ddiccico · Sep 18, 2001

bot2600, yhpm

Tetsuo316 · Sep 18, 2001

two things:

first, i'm glad i updated virus detection software today, and

second, how do you look up this log?

Shuxclams · Sep 18, 2001

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32571 This takes care of big a$$ logs....

SHUX

RaySun2Be · Sep 18, 2001

We have been hit by this thing. One of the new servers we spent so much time on last week was hammered, just happens to be all our production and user data & files. Renamed them xxx.eml, with a file size of 77.7 (or 78) K. Also creates a riched*.dll too.

Naturally it hits when I'm in an all day meeting and didn't get a heads up on this thing. :|

Going to have to rebuild a server and restore from last Friday night's full backup, then apply the incrementals.

NOTE" NOT ALL ANTI-VIRUS companies had a .DAT file today for this virus. I know McAfee detects it now if you updated this afternoon, but Norton did not detect it at that time, but it looks like they have a detection for it. No suggestions yet on how to clean or recover though.

n0cmonkey · Sep 18, 2001

Hopefully the people that did not get fired over the original code red will be looking for new jobs tomorrow. Anyone want to help me write a cgi script to take care of machines trying to exploit this?

Russ · Sep 18, 2001

OOPS! Spoke too soon. Now my Win2k server is also getting hammered with attempts.

Russ, NCNE

Russ · Sep 18, 2001

Shux,

That scan tool rocks! Now all the hits are just simple 404s. Guys, if you're running IIS, grab it.

Russ, NCNE

DnetMHZ · Sep 18, 2001

my servers are getting about 1-3 attempts a second last i checked.. no effect but all this bogus traffic is a pain!

OT... I AM BEING HACKED!!!

Diamond Member

Golden Member

Senior member

Diamond Member

Senior member

Senior member

Senior member

Diamond Member

Senior member

Diamond Member

Platinum Member

Platinum Member

Elite Member

Senior member

Lifer

Senior member

Diamond Member

Senior member

Golden Member

Diamond Member

Lifer

Elite Member

Lifer

Lifer

Diamond Member