These are massively truncated copies of log entries from my web server.  It's
been a background problem for quite a while, but it's starting to achieve
epidemic proportions.  If any of you recognise the following searches (and I
strongly suspect only people on the list will have made searches like this)
then your system is infected - each of these searches was followed by a nasty
script-kiddie attack on my server from the same IP address.  Tough - my server
is better set up than that.  I've done reverse DNS lookup on the IP addresses -
we're not in "name and shame" mode yet - and at least one of the names that
comes back is quite staggering.  You'd think a company with that kind of
reputation would have effective anti-virus measures.  If you recognise one of
the searches as one of yours, contact me privately and I'll send you the log
entries so you can beat your network administrator over the head with it.

31/Mar/2006:21:16:53 +0100 MIPS and z/OS analyst
06/Apr/2006:20:51:30 +0100 z900 2064-104 IBM MIPS
07/Apr/2006:00:02:09 +0100 IBM Multiprise 2003-246
07/Apr/2006:20:23:17 +0100 z9 ibm MSU
11/Apr/2006:21:04:57 +0100 z9 2094-717

Note this is only from one 14-day period.  The timestamps are local DST (UK) so
one hour from UTC.  Apply your own time zone factor.

-- 
  Phil Payne
  http://www.isham-research.co.uk
  +44 7833 654 800

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
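
The correlation described in the post above (a search-referred hit followed by hostile requests from the same IP address, with +0100 timestamps converted to UTC), as an added example that is not part of the original message. It assumes Apache "combined" format logs and treats a burst of 4xx responses as the sign of a probe; the log lines, addresses, paths and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse, parse_qs

# Constructed sample lines in Apache "combined" format (an assumption; the post
# does not name the server or its log format). IPs are documentation addresses.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Apr/2006:20:23:17 +0100] "GET /mips.htm HTTP/1.1" 200 5120 "http://search.example/search?q=z9+ibm+MSU" "UA"
203.0.113.7 - - [07/Apr/2006:20:24:02 +0100] "GET /missing-a.php HTTP/1.0" 404 210 "-" "UA"
203.0.113.7 - - [07/Apr/2006:20:24:03 +0100] "GET /missing-b.php HTTP/1.0" 404 210 "-" "UA"
203.0.113.7 - - [07/Apr/2006:20:24:05 +0100] "POST /missing-c.cgi HTTP/1.0" 404 210 "-" "UA"
198.51.100.9 - - [11/Apr/2006:21:04:57 +0100] "GET /mips.htm HTTP/1.1" 200 5120 "http://search.example/search?q=z9+2094-717" "UA"
198.51.100.9 - - [11/Apr/2006:21:05:10 +0100] "GET /favicon.ico HTTP/1.1" 404 210 "-" "UA"
"""

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+ "([^"]*)"')

def parse(log):
    """Yield one dict per parseable line, with the timestamp normalised to UTC."""
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ip, ts, _method, path, status, referer = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        query = parse_qs(urlparse(referer).query).get("q", [None])[0]
        yield {"ip": ip, "utc": when, "path": path, "status": int(status), "search": query}

def search_then_errors(log, window=timedelta(minutes=10), min_errors=3):
    """Return (ip, search terms, UTC time of search hit, error count) for each
    search-referred hit followed by >= min_errors 4xx responses from the same IP."""
    events = sorted(parse(log), key=lambda e: e["utc"])
    findings = []
    for hit in (e for e in events if e["search"]):
        errors = [e for e in events
                  if e["ip"] == hit["ip"] and 400 <= e["status"] < 500
                  and hit["utc"] < e["utc"] <= hit["utc"] + window]
        if len(errors) >= min_errors:
            findings.append((hit["ip"], hit["search"], hit["utc"].isoformat(), len(errors)))
    return findings

if __name__ == "__main__":
    for finding in search_then_errors(SAMPLE_LOG):
        print(finding)
```

The second constructed visitor produces a single 404 for a favicon and is not reported at the default threshold, which is the kind of benign noise the threshold is there to exclude.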
