thousands huh?

the fact is, you can't list a dozen people on this list that you know for
absolute certain are digging around his server in some malicious manner. i'm
not suggesting everyone here is a saint, but i think all these dramatic
suggestions of the behaviours of others are unfounded.

and while we're still on the subject, i think if you're the admin of
machines being hacked based on an exploit that's MONTHS old, you shouldn't
feel victimized. you should feel ignorant. and i wonder, of all the machines
that were vulnerable to this latest round, how many of them actually *use*
MS indexing server? patching services you're not using. brilliant. why don't
we all just run anonymous FTP into our system folders and level the playing
field? maybe we'll stave off
(http://www.dictionary.com/cgi-bin/dict.pl?term=stave) the hackers because
they won't know where to start...

-----Original Message-----
From: Stephen Moretti [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 02, 2001 9:17 AM
To: CF-Talk
Subject: RE: default.ida?


Well since he posted his IP addresses to this list they have been pinged,
tracert'd, checked for code red vulnerability, checked for all the usual CF
insecurities, had his entire IP range scanned...

Need I go on?

It's not the fact that it's easy for someone to do these things, it's the fact
that there are 1000s of subscribers on this list who are now "having a look"
at his server, as well as the unscrupulous people having a good old dig at
his server.

Is that sufficient?

> -----Original Message-----
> From: Dylan Bromby [mailto:[EMAIL PROTECTED]]
> Sent: 02 August 2001 16:26
> To: CF-Talk
> Subject: RE: default.ida?
>
>
> his email domain is cc.uk.com. which i can ping and see the IP 193.122.20.2.
> so i could do a port scan in that range and see any machine running port 80.
>
> so can you explain to us all what he revealed that wouldn't take more than 1
> or 2 minutes for anyone to figure out?
>
> -----Original Message-----
> From: Stephen Moretti [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 02, 2001 8:05 AM
> To: CF-Talk
> Subject: RE: default.ida?
>
>
> Might be an idea to go away and change the IP addresses on your servers now
> and abandon these two for all eternity....
>
> Never put this kind of information out on the list.  You are opening
> yourself up to abuse by the few unscrupulous people on this list...
>
> Stephen
>
> > -----Original Message-----
> > From: Edward Chanter [mailto:[EMAIL PROTECTED]]
> > Sent: 02 August 2001 15:50
> > To: CF-Talk
> > Subject: RE: default.ida?
> >
> >
> > 193.122.20.5 - Production
> > 193.122.20.8 - Development
> >
> > Why?
> >
> >
> >
> > > -----Original Message-----
> > > From: Tangorre, Mike [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, August 02, 2001 3:34 PM
> > > To: CF-Talk
> > > Subject: RE: default.ida?
> > >
> > >
> > > whats yur ip?  :-)
> > >
> > >
> > > Michael T. Tangorre
> > > --------------------------------------------
> > > Web Applications Developer
> > > Office Phone: 703-558-4746
> > > Cellular Phone: 607-426-9277
> > > AIM: CrazyFlash4
> > > Personal Email: [EMAIL PROTECTED]
> > > Work Email: [EMAIL PROTECTED]
> > > School Email: [EMAIL PROTECTED]
> > > --------------------------------------------
> > > This Email contains MillenniuM Information
> > > Systems, LLC Privileged Information which
> > > is Customer or Business Sensitive.
> > > --------------------------------------------
> > >
> > >
> > > -----Original Message-----
> > > From: Edward Chanter [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, August 02, 2001 10:32 AM
> > > To: CF-Talk
> > > Subject: RE: default.ida?
> > >
> > >
> > > > -----Original Message-----
> > > > > I don't actually think it's hysteria mate, do you want to see
> > > > > a copy of my
> > > > > IDS logs????
> > > >
> > > > > Not really, no. They tend to be boring and full of kidz getting 404's.
> > > >
> > > > :-) I did say IDS logs though, they filter out all the crap and only
> > > > show me the ISAPI Extension Overflow errors.....
> > >
> > > > > There are a large number of attacks going on as
> > > > > I write this
> > > >
> > > > > Woo-wee - where have you been ? An ongoing scan of your system is a
> > > > > *FACT OF LIFE* for a system on the internet.
> > > > > My dial-up gateway at home gets scanned !
> > >
> > > > Tell me about it, then again, my server very rarely blocks anyone, so far
> > > > today it's implemented over 300 24 bans on various IP addresses in the
> > > > last 12 hours..... That is unusual.....
> > >
> > > > > and anyone running an unpatched/unprotected IIS server needs
> > > > > to do something
> > > > > about it asap.
> > > >
> > > > > No, anyone running an unpatched/unprotected IIS server on a public
> > > > > network needs to be fired, as they're not doing their job. The patch
> > > > > was all over BugTraq et al. well before Code Red was released.
> > >
> > > Agreed!
> > >
> > > > > But, if you look at the domains from which these scans originate, most
> > > > > have no reverse look-up, or are from ISPs like @home <shrug> and those
> > > > > are just the people who won't care, because Code Red version 2 is non
> > > > > destructive to the local machine.
> > >
> > > > Lots of Chinese, Japanese, Koreans, Mexicans and a few US and EU academic
> > > > ones as well...... There are even some coming in as 0.0.0.0
> > > >
> > > > I have had a few responses from some of the ones I thought would take
> > > > action, some very sheepish IISadmins out there :-)
> > >
> > > We're averaging a new attempt every minute or so....
> > >
> > >   -= Ed
> > >
> >
>