httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jack L. Stone" <jackst...@sage-one.net>
Subject Re: Am I being probed?
Date Sun, 28 Jul 2002 18:10:52 GMT
At 07:54 PM 7.28.2002 +0200, eric wrote:
>Did a google search on whois and found inetnum 217.224.0.0 - 217.237.161.47 
>with Deutsche Telekom AG.
>
>I'm emailing my log to abuse@t-ipnet.de.  
>
>Maybe it's nothing but maybe it's something.
>
> Thanks again.
>
>Eric
>
No, it was definitely an effort to cause trouble and reporting it is a good
thing -- if they will do anything. The ISP will have to take time to track
down the user and time allocation is a matter of priorities which differ by
ISP versus resources. This stuff is constant... just be concerned it you
have Windows running as a server as far as this particular attack.... in
this case the script is looking for a directory of "C:\WINNT" and use the
command to run the script:
"/c/winnt/system32/cmd.exe?/c+dir"

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
jackstone@sage-one.net

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message