ACB8DE69.ipt.aol.com scans

• Previous message: David Kennedy CISSP: "Re: Vulernability in /cgi-bin/shopper.exe?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Message-ID: <006a01c11763$ae899d60$0500a8c0@ss810>
From: "Dino" <slayer67@apk.net>
To: <incidents@securityfocus.com>
Subject: ACB8DE69.ipt.aol.com scans
Date: Sat, 28 Jul 2001 08:48:51 -0400

I was checking logs this week on the web server and noticed that I got alot
of hits on July 24.
Only thing this probed caused was adding over 400 hundred lines to the logs.
(I run Apache on Linux)

Well they were probes/scans from:

Name: ACB8DE69.ipt.aol.com
Address: 172.184.222.105

Looks like an automatted Web Scan Prober ;)

** I have attached all the logs for this IP to keep the email short **

Tue Jul 24 10:14:58 2001] [error] [client 172.184.222.105] script not found
or unable to stat: /web_dir/cgi-bin/bb-hist.sh
[Tue Jul 24 10:14:59 2001] [error] [client 172.184.222.105] File does not
exist: /web_dir/_vti_bin/shtml.dll
[Tue Jul 24 10:14:59 2001] [error] [client 172.184.222.105] File does not
exist: /web_dir/_vti_bin/shtml.exe
[Tue Jul 24 10:15:00 2001] [error] [client 172.184.222.105] File does not
exist: /web_dir/admin/includes/
[Tue Jul 24 10:15:02 2001] [error] [client 172.184.222.105] File does not
exist: /web_dir/_vti_inf.html
[Tue Jul 24 10:15:02 2001] [error] [client 172.184.222.105] File does not
exist: /web_dir/_vti_pvt/administrators.pwd
[Tue Jul 24 10:15:03 2001] [error] [client 172.184.222.105] File does not
exist: /web_dir/_vti_pvt/authors.pwd

and so on and on and on ... See attachement for more.

------------------------------------------
Dino
------------------------------------------

• text/plain attachment: log.txt

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Previous message: David Kennedy CISSP: "Re: Vulernability in /cgi-bin/shopper.exe?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages ipfilter problem - seems simple, but Im stuck. ... I've got a Sun Ultra 60 running Solaris 10, ... It logs domain names in the web server logs, which it does via DNS lookups. ... (comp.unix.solaris) Re: Microsofts Early Xmas Present. ... > These logs you included appear to be logs from the web server itself, ... there are multiple stopgaps built in that prevent its abuse. ... It will have a much larger attack signature database and all that ... (Incidents) Re: Serious issues publishing to Win 2003 server ... > And of course there is nothing in the logs. ... >> Roy Chastain wrote: ... >>> if authoring against a web server please contact the webmaster for ... (microsoft.public.frontpage.extensions.windowsnt) Re: Serious issues publishing to Win 2003 server ... And of course there is nothing in the logs. ... >> authoring against a web server please contact the webmaster for this ... Roy Chastain ... (microsoft.public.frontpage.extensions.windowsnt) Re: forgerie? ... "www.pcavtech.comhashad 10's of millions of hits. ... There are about 40,000 unique visitors per month. ... Web server statistics reports. ... (rec.audio.opinion)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint