Re: cmd.exe exploit

From: got root? (s_thistle@warmmail.com)
Date: 05/09/02 

From: "got root?" <s_thistle@warmmail.com>
Date: Wed, 8 May 2002 19:57:25 -0230

I am merely posting saying I am tired of complaining to no avail to these
people. These IIS viruses are getting on my nerves. I merely posted my log
from my Apache/unix server. I have no concerns with cmd.exe..

"David Dickinson [MVP]" <eis.no-spam@softhome.net> wrote in message
news:#h52cDs9BHA.2616@tkmsftngp07...
> "got root?" <s_thistle@warmmail.com> wrote in message
> news:#C98gRU9BHA.940@tkmsftngp05...
> > My biggest peeve is this. Here is the log from my web server.
> >
> > [Sun May 5 06:34:08 2002] [error] [client 205.221.191.96] File does not
> > exist: /var/apache/htdocs/c/winnt/system32/cmd.exe
>
> I'm afraid that I don't understand what the problem is. Do you /want/
> cmd.exe to be accessible from the internet? You have probably installed
the
> IIS Lockdown tool which prevents such access. These log entries are the
> result when someone tries to get to it from outside. These log entries
are
> /good/. However, you might want to register complaints with the people
who
> are trying to break into your system.
> --
> David Dickinson, MVP
> EveningStar Information Services
> Las Cruces, NM USA
>
> Summary of Microsoft Security Bulletins
> http://www.zianet.com/bwd/securitybulletins.asp
>
>

Quantcast