Would a SQL injection attack and creating a folder are two different acts right? SQL injection attack is through the web form...and the creation of a folder is by someone getting into the box...yeah?
----- Original Message ----- From: "Jerry Johnson" <[EMAIL PROTECTED]> To: "CF-Community" <[email protected]> Sent: Wednesday, September 07, 2005 10:08 PM Subject: Re: help!! > Yes, of course you should bw worried. (Which you know) > > Could it have been a SQL injection attack going through your blog > comments? > Is your cfide structure in a non-standard place? > I assume you have all patches in place for SQL, IIS, CF and your OS, yes? > > Can you tell what user created the folder? > Is there anything in the folder? > Can you tell what time the folder was created, and then match that up > to SQL logs, IIS logs and CF logs? > > FWIW: > Bender is a windows virus (W32.Bender.1363) > Bender is a character from Futurama. In The Honking, Bender is > infected with a virus that turns him into a murderous car each evening > at midnight. They also mention K.I.T.T. in this episode (from Knight > Rider) > Medal of Honnor En Formation looks like the french spelling > lpt5, lpt4 and com0 are communication ports (printer, serial) > > > On 9/7/05, Tony <[EMAIL PROTECTED]> wrote: >> D:\webserver\.tag4\ . lpt5\ .ΓΏ lpt4\ . com0\ [EMAIL PROTECTED] >> [[Bender scan -- K.I.T.T tagg]]\ .K.I.T.T\Medal of Honnor-En >> Formation >> >> is a path on my new dedicated box on my server that just magically showed >> up. >> >> i ran a full scan on the box, came up with nothing. >> >> question: should i be worried? >> >> also, today, i noticed a BUTTLOAD of traffic from a certain group of >> ipaddresses... >> they all came from: >> >> 203.28.159.135 - 203.28.15.138 >> >> to my blog page. >> >> and i just dont know wtf to do, or where to start, ive googled most >> parts of the path, the TAG of the fucknut who did something, but im >> not sure where to go with this one. >> >> thanks. >> tony >> >> >> -- >> ....tony >> >> Tony Weeg >> tonyweeg [at] gmail [dot] com >> >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:5:173225 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/5 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:5 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.5 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
