do you think someone dropped a game on my box to burn it? hmmmm
wtf? tw On 9/7/05, Matthew Blatchley <[EMAIL PROTECTED]> wrote: > That is strange...the .cue file are Instructions for the burning application > of how to burn the disk. And I'm thinking the .001 - .031 are the sectors > it's burning...if that's what they really are... Do you even use your > server as a game server? > > > > ----- Original Message ----- > From: "Tony" <[EMAIL PROTECTED]> > To: "CF-Community" <[email protected]> > Sent: Wednesday, September 07, 2005 10:41 PM > Subject: Re: help!! > > > > there are files in the last directory, each 25,001 bytes called > > MOHDAEF.001 - .031 > > and a final MOHDAEF.cue file. > > > > strange. > > > > tw > > > > On 9/7/05, Matthew Blatchley <[EMAIL PROTECTED]> wrote: > >> Would a SQL injection attack and creating a folder are two different acts > >> right? SQL injection attack is through the web form...and the creation > >> of a > >> folder is by someone getting into the box...yeah? > >> > >> ----- Original Message ----- > >> From: "Jerry Johnson" <[EMAIL PROTECTED]> > >> To: "CF-Community" <[email protected]> > >> Sent: Wednesday, September 07, 2005 10:08 PM > >> Subject: Re: help!! > >> > >> > >> > Yes, of course you should bw worried. (Which you know) > >> > > >> > Could it have been a SQL injection attack going through your blog > >> > comments? > >> > Is your cfide structure in a non-standard place? > >> > I assume you have all patches in place for SQL, IIS, CF and your OS, > >> > yes? > >> > > >> > Can you tell what user created the folder? > >> > Is there anything in the folder? > >> > Can you tell what time the folder was created, and then match that up > >> > to SQL logs, IIS logs and CF logs? > >> > > >> > FWIW: > >> > Bender is a windows virus (W32.Bender.1363) > >> > Bender is a character from Futurama. In The Honking, Bender is > >> > infected with a virus that turns him into a murderous car each evening > >> > at midnight. They also mention K.I.T.T. in this episode (from Knight > >> > Rider) > >> > Medal of Honnor En Formation looks like the french spelling > >> > lpt5, lpt4 and com0 are communication ports (printer, serial) > >> > > >> > > >> > On 9/7/05, Tony <[EMAIL PROTECTED]> wrote: > >> >> D:\webserver\.tag4\ . lpt5\ .ΓΏ lpt4\ . com0\ [EMAIL > >> >> PROTECTED] > >> >> [[Bender scan -- K.I.T.T tagg]]\ .K.I.T.T\Medal of Honnor-En > >> >> Formation > >> >> > >> >> is a path on my new dedicated box on my server that just magically > >> >> showed > >> >> up. > >> >> > >> >> i ran a full scan on the box, came up with nothing. > >> >> > >> >> question: should i be worried? > >> >> > >> >> also, today, i noticed a BUTTLOAD of traffic from a certain group of > >> >> ipaddresses... > >> >> they all came from: > >> >> > >> >> 203.28.159.135 - 203.28.15.138 > >> >> > >> >> to my blog page. > >> >> > >> >> and i just dont know wtf to do, or where to start, ive googled most > >> >> parts of the path, the TAG of the fucknut who did something, but im > >> >> not sure where to go with this one. > >> >> > >> >> thanks. > >> >> tony > >> >> > >> >> > >> >> -- > >> >> ....tony > >> >> > >> >> Tony Weeg > >> >> tonyweeg [at] gmail [dot] com > >> >> > >> >> > >> > > >> > > >> > >> > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:5:173234 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/5 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:5 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
