that's "Medal of Honor: Debarquement Allie: En Formation" ----- Original Message ----- From: "Tony" <[EMAIL PROTECTED]> To: "CF-Community" <[email protected]> Sent: Wednesday, September 07, 2005 10:41 PM Subject: Re: help!!
> there are files in the last directory, each 25,001 bytes called > MOHDAEF.001 - .031 > and a final MOHDAEF.cue file. > > strange. > > tw > > On 9/7/05, Matthew Blatchley <[EMAIL PROTECTED]> wrote: >> Would a SQL injection attack and creating a folder are two different acts >> right? SQL injection attack is through the web form...and the creation >> of a >> folder is by someone getting into the box...yeah? >> >> ----- Original Message ----- >> From: "Jerry Johnson" <[EMAIL PROTECTED]> >> To: "CF-Community" <[email protected]> >> Sent: Wednesday, September 07, 2005 10:08 PM >> Subject: Re: help!! >> >> >> > Yes, of course you should bw worried. (Which you know) >> > >> > Could it have been a SQL injection attack going through your blog >> > comments? >> > Is your cfide structure in a non-standard place? >> > I assume you have all patches in place for SQL, IIS, CF and your OS, >> > yes? >> > >> > Can you tell what user created the folder? >> > Is there anything in the folder? >> > Can you tell what time the folder was created, and then match that up >> > to SQL logs, IIS logs and CF logs? >> > >> > FWIW: >> > Bender is a windows virus (W32.Bender.1363) >> > Bender is a character from Futurama. In The Honking, Bender is >> > infected with a virus that turns him into a murderous car each evening >> > at midnight. They also mention K.I.T.T. in this episode (from Knight >> > Rider) >> > Medal of Honnor En Formation looks like the french spelling >> > lpt5, lpt4 and com0 are communication ports (printer, serial) >> > >> > >> > On 9/7/05, Tony <[EMAIL PROTECTED]> wrote: >> >> D:\webserver\.tag4\ . lpt5\ .ΓΏ lpt4\ . com0\ [EMAIL PROTECTED] >> >> [[Bender scan -- K.I.T.T tagg]]\ .K.I.T.T\Medal of Honnor-En >> >> Formation >> >> >> >> is a path on my new dedicated box on my server that just magically >> >> showed >> >> up. >> >> >> >> i ran a full scan on the box, came up with nothing. >> >> >> >> question: should i be worried? >> >> >> >> also, today, i noticed a BUTTLOAD of traffic from a certain group of >> >> ipaddresses... >> >> they all came from: >> >> >> >> 203.28.159.135 - 203.28.15.138 >> >> >> >> to my blog page. >> >> >> >> and i just dont know wtf to do, or where to start, ive googled most >> >> parts of the path, the TAG of the fucknut who did something, but im >> >> not sure where to go with this one. >> >> >> >> thanks. >> >> tony >> >> >> >> >> >> -- >> >> ....tony >> >> >> >> Tony Weeg >> >> tonyweeg [at] gmail [dot] com >> >> >> >> >> > >> > >> >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:5:173231 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/5 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:5 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
