it's nimda virus! - usually infects windows with: 1. unpatched IIS installed 2. with shared directory 3. if you browse a site that has a nimda virus. 4. if the pc has footprint of code red virus.
- it scan ip address randomly and usually pass around via tftp(69/udp) you have it, if your root directory(c:\;d:\, etc) has admin.dll file + tftp files... noelt. [EMAIL PROTECTED] wrote: guys! i got the following messages from my httpd/error_log. is this an attack on my server or is it just the nimda virus <or any other viruses> on the loose? [Thu Sep 27 13:09:31 2001] [error] [client 203.224.9.162] File does not exist: /usr/local/httpd/htdocs/scripts/root.exe [Thu Sep 27 13:09:35 2001] [error] [client 203.224.9.162] File does not exist: /usr/local/httpd/htdocs/MSADC/root.exe [Thu Sep 27 13:09:41 2001] [error] [client 203.224.9.162] File does not exist: /usr/local/httpd/htdocs/c/winnt/system32/cmd.exe [Thu Sep 27 13:09:47 01] [error] [client 203.224.9.162] File does not exist: /usr/local/httpd/htdocs/d/winnt/system32/cmd.exe [Thu Sep 27 13:09:54 01] [error] [client 203.224.9.162] File does not exist: /usr/local/httpd/htdocs/scripts/..%5c../winnt/system32/cmd.exe [Thu Sep 27 13:10:00 2001] [error] [client 203.224.9.162] File does not exist: /usr/local/httpd/htdocs/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe [Thu Sep 27 13:10:05 2001] [error] [client 203.224.9.162] File does not exist: /usr/local/httpd/htdocs/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe [Thu Sep 27 13:10:15 2001] [error] [client 203.224.9.162] File does not exist: /usr/local/httpd/htdocs/msadc/..%5c../..%5c../..%5c/..� ../..� ../..� ../winnt/system32/cmd.exe [Thu Sep 27 13:10:18 2001] [error] [client 203.224.9.162] File does not exist: /usr/local/httpd/htdocs/scripts/..� ../winnt/system32/cmd.exe [Thu Sep 27 13:10:20 2001] [error] [client 203.224.9.162] File does not exist: /usr/local/httpd/htdocs/scripts/..��../winnt/system32/cmd.exe [Thu Sep 27 13:10:22 2001] [error] [client 203.224.9.162] File does not exist: /usr/local/httpd/htdocs/scripts/..��../winnt/system32/cmd.exe [Thu Sep 27 13:10:39 2001] [error] [client 203.224.9.162] File does not exist: /usr/local/httpd/htdocs/scripts/..%5c../winnt/system32/cmd.exe [Thu Sep 27 13:10:48 2001] [error] [client 203.224.9.162] File does not exist: /usr/local/httpd/htdocs/scripts/..%2f../winnt/system32/cmd.exe I tried to go to the site specified by the IP address, and all there was are the following: 공사 중현재 연결하려고 하는 사이트에 기본 페이지가 없습니다. 업그레이드하는 중일 수 있습니다. 다음에 다시 해보십시오. 문제가 계속되면 웹 사이트 관리자에게 문의하십시오. Ano kaya ito? ----------------------- Spawn - The Scourge of the Damned Chris G Haravata IT Resource Officer-Backend Asia Pacific College (www.apc.edu.ph) #3 Humabon Place, Magallanes Subd., Makati City Cell No: 0916 3500465 Tel No 8529232 loc @2 Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (www.grisoft.com). Version: 6.0.281 / Virus Database: 149 - Release Date: 9/18/2001 _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
