[lug] Interesting Access Message
jeerygh at hotmail.com
Tue Jul 31 11:38:50 MDT 2001
Damn the crackers! It appears as if "he" is trying to ping himself eh? Was
there a patch released for the unicode bug?
>From: Calvin Dodge <caldodge at fpcc.net>
>Reply-To: lug at lug.boulder.co.us
>To: lug at lug.boulder.co.us
>Subject: Re: [lug] Interesting Access Message
>Date: Tue, 31 Jul 2001 11:11:01 -0600
>On Tue, Jul 31, 2001 at 04:59:24PM +0000, Greg Horne wrote:
> > I was going through my server logs (apache on linux) and I noticed this
> > error message:
> > 184.108.40.206 - - [31/Jull/2001:08:05:39 -0700] "GET
> > HTTP/1.0" 404 -
> > Has anybody ever seen anything like this???
>Yep - I see an average of one a week in my web server logs.
>It's an exploit for IIS (the "winnt" is a bit of a giveaway) - getting the
>web server to "walk up the directory tree" by using non-English equivalents
>to the "\" character, which are recognized by the file system, but NOT by
>the (pre-patch) web server.
>In this case it looks like they're trying to get your server to ping
>someone else (probably as part of a DOS attack).
>Certified Linux Bigot (tm)
>Web Page: http://lug.boulder.co.us
>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
More information about the LUG