[sambar] what can i do for stoping this type of users? {02}

[Mark Worley]

Block the Ip address range he might be using. 213.255.68.* Also do a trace route on his connection and report his actions to his ISP. It's worked for me. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of lweb Sent: Friday, June 14, 2002 4:05 PM To: [EMAIL PROTECTED] Subject: [sambar] what can i do for stoping this type of users? {01}   what can i do for stoping this type of users?   ---------------------------------------ftp---------------------------------------------------------------          213.255.68.164 NULL [14/Jun/2002:21:16:14 +0200] \ "LOGIN NULL" 403 0 0 213.255.68.164 ftp [14/Jun/2002:21:38:25 +0200] \ "LOGIN ftp" 403 0 0 213.255.68.164 bogusbogus [14/Jun/2002:21:48:01 +0200] \ "LOGIN bogusbogus" 403 0 0 213.255.68.164 anonymous [14/Jun/2002:21:50:41 +0200] \ "LOGIN anonymous" 403 0 0 213.255.68.164 guest [14/Jun/2002:21:50:45 +0200] \ "LOGIN guest" 403 0 0       -----------------------------------------------www-----------------------------------------------------       213.255.68.164 - - [14/Jun/2002:21:13:18 +0200] "GET / HTTP/1.0" 200 5765 10 "-" "-" 213.255.68.164 - admin [14/Jun/2002:21:15:58 +0200] "GET / HTTP/1.0" 200 5765 0 "-" "-" 213.255.68.164 - - [14/Jun/2002:21:16:02 +0200] "GET /cfanywhere/index.html HTTP/1.0" 404 565 0 "-" "-" 213.255.68.164 - - [14/Jun/2002:21:16:04 +0200] "GET /docs/servlets/index.html HTTP/1.0" 404 565 0 "-" "-" 213.255.68.164 - - [14/Jun/2002:21:16:05 +0200] "GET /jsp/index.html HTTP/1.0" 404 565 0 "-" "-" 213.255.68.164 - - [14/Jun/2002:21:16:09 +0200] "GET /webl/index.html HTTP/1.0" 404 565 0 "-" "-" 213.255.68.164 - - [14/Jun/2002:21:19:56 +0200] "GET /chassis/config/GeneralChassisConfig.html HTTP/1.0" 404 565 0 "-" "-" 213.255.68.164 - - [14/Jun/2002:21:20:15 +0200] "GET / HTTP/1.1" 200 5765 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:20:18 +0200] "GET /cgi-bin/nessus_is_probing_this_host_1468641437 HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:20:21 +0200] "GET /servlet/com.newatlanta.servletexec.JSP10Servlet HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:20:27 +0200] "GET / HTTP/1.1" 200 5765 10 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:20:30 +0200] "GET /iissamples/sdk/asp/interaction/ServerVariables_Jscript.asp HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:20:32 +0200] "GET /cgi-bin/af.cgi HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:20:32 +0200] "GET /cgi-bin/alienform.cgi HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - admin [14/Jun/2002:21:20:35 +0200] "GET / HTTP/1.0" 200 5765 0 "-" "-" 213.255.68.164 - - [14/Jun/2002:21:20:37 +0200] "GET /cgi-bin/mrtg.cgi?cfg=/../../../../../../../../../etc/passwd HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:20:38 +0200] "GET /cgi-bin/mrtg.cgi?cfg=/../../../../../../../../../winnt/win.ini HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:20:39 +0200] "GET /cgi-bin/zml.cgi?file=../../../../../../../../../../../../etc/passwd%00 HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:20:55 +0200] "GET /SilverStream HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:20:56 +0200] "GET /SilverStream/Meta/Tables/?access-mode=text HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:20:58 +0200] "GET /rtm.log HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:20:58 +0200] "GET /cgi-bin/rtm.log HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:21:01 +0200] "GET /examples/jsp/snp/anything.snp HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:21:03 +0200] "GET /phprocketaddin/?page=../../../../../../../../../../../../../../../etc/passwd HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:21:03 +0200] "GET /index.php?page=../../../../../../../../../../../../../../../etc/passwd HTTP/1.1" 200 5765 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:21:04 +0200] "GET /phprocketaddin/?page=../../../../../../../../../../../../../../../WINNT/system32/ipconfig.exe HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:21:05 +0200] "GET /index.php?page=../../../../../../../../../../../../../../../../../WINNT/system32/ipconfig.exe HTTP/1.1" 200 5765 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:21:10 +0200] "GET /?sql_debug=1 HTTP/1.1" 200 5765 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:23:51 +0200] "GET /pls/sample/admin_/help/..%5cplsql.conf HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:26:32 +0200] "GET /demo/ojspext/events/index.jsp HTTP/1.1" 404 565 0 "-" "-" 213.255.68.164 - - [14/Jun/2002:21:26:34 +0200] "GET /demo/ojspext/events/index.jsp HTTP/1.1" 404 565 0 "-" "-" 213.255.68.164 - - [14/Jun/2002:21:26:36 +0200] "GET /oprocmgr-status HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 127.0.0.1 - - [14/Jun/2002:21:27:17 +0200] "GET / HTTP/1.1" 200 5765 10 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 127.0.0.1 - - [14/Jun/2002:21:27:17 +0200] "GET /pics/general_style.css HTTP/1.1" 304 0 0 "http://localhost/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 213.255.68.164 - - [14/Jun/2002:21:29:16 +0200] "GET /demo/ojspext/events/globals.jsa HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:29:18 +0200] "GET /pls/portal30/admin_/ HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:29:19 +0200] "GET /dms0 HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:30:01 +0200] "GET /xsql/lib/XSQLConfig.xml HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:30:02 +0200] "GET /servlet/oracle.xml.xsql.XSQLServlet/xsql/lib/XSQLConfig.xml HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:30:04 +0200] "GET /cgi-bin/mrtg.cgi?cfg=../../../../../../../../etc/passwd HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:32:46 +0200] "GET /GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:32:47 +0200] "GET /cgi-bin/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:32:47 +0200] "GET /GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:32:48 +0200] "GET /cgi-bin/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:32:51 +0200] "GET /GW5/GWWEB.EXE?HELP=bad-request HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:32:51 +0200] "GET /cgi-bin/GW5/GWWEB.EXE?HELP=bad-request HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:32:52 +0200] "GET /GWWEB.EXE?HELP=bad-request HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:32:52 +0200] "GET /cgi-bin/GWWEB.EXE?HELP=bad-request HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:32:55 +0200] "GET /CVS/Entries HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:32:58 +0200] "GET /...//...//...//...//...//...//...//...//...//...//...//...//...//autoexec.bat HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:36:37 +0200] "GET /HTTP1.0/ " 404 565 0 "-" "-" 213.255.68.164 - - [14/Jun/2002:21:36:39 +0200] "GET /cgi-bin/websendmail HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:36:42 +0200] "GET /cgi-bin/webplus?about HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:36:42 +0200] "GET /cgi-bin/webplus.exe?about HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:36:45 +0200] "GET /cgi-bin/webplus?script=/../../../../etc/passwd HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:36:46 +0200] "GET / HTTP/1.1" 200 281 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:36:47 +0200] "GET /./ HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:36:48 +0200] "GET /// HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:36:48 +0200] "GET /\/ HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:36:52 +0200] "GET /cgi-bin/webgais HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:36:54 +0200] "GET /cgi-bin/webdriver HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:37:01 +0200] "GET /webcart/orders/ HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:37:01 +0200] "GET /webcart/orders/carts/.txt HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:37:02 +0200] "GET /webcart/config/ HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:37:02 +0200] "GET /webcart/carts/ HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:37:03 +0200] "GET /webcart/config/clients.txt HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:39:04 +0200] "GET /cgi-shop/view_item HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:39:06 +0200] "GET /cgi-bin/ash HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:39:07 +0200] "GET /cgi-bin/bash HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:39:08 +0200] "GET /cgi-bin/csh HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:39:08 +0200] "GET /cgi-bin/ksh HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:39:09 +0200] "GET /cgi-bin/sh HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:39:10 +0200] "GET /cgi-bin/tcsh HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:39:15 +0200] "GET /cgi-bin/sendtemp.pl HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:39:17 +0200] "GET /scripts/shopplus.cgi HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:39:17 +0200] "GET /cgi-bin/shopplus.cgi HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:41:21 +0200] "GET /cgi-bin/pfdispaly.cgi HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:41:29 +0200] "GET /cgi-bin/perl?-v HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:41:33 +0200] "GET /cgi-bin/perl.exe?-v HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:41:40 +0200] "GET /cgi-bin/perlcal HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:44:22 +0200] "GET /perl/ HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:44:23 +0200] "GET /pccsmysqladm/incs/dbconnect.inc HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:44:40 +0200] "GET /cgi-bin/pals-cgi HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:44:41 +0200] "GET /pals-cgi HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:44:43 +0200] "GET /cgi-bin/pagelog.cgi HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:44:44 +0200] "GET /ows-bin/perlidlc.bat HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:44:46 +0200] "GET /.FBCIndex HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:45:02 +0200] "GET /.DS_Store HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:47:43 +0200] "GET /xsql/demo/adhocsql/query.xsql?sql=select%20username%20from%20ALL_USERS HTTP/1.1" 404 565 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:47:59 +0200] "GET /cgi-bin/nph-test-cgi HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:50:47 +0200] "GET /cgi-bin/nph-publish.cgi HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:50:49 +0200] "GET /servlet/webacc HTTP/1.1" 404 565 0 "-" "Mozilla/4.75 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:50:51 +0200] "HEAD / HTTP/1.1" 200 145 0 "-" "Nessus/1.0 [en] (X11, U; Nessus)" 213.255.68.164 - - [14/Jun/2002:21:50:52 +0200] "GET / HTTP/1.1" 200 5765 10 "-" "Nessus/1.0 [en] (X11, U; Nessus)" ------------------------------------------------------- To unsubscribe please go to http://www.sambar.ch/list/ ------------------------------------------------------- To unsubscribe please go to http://www.sambar.ch/list/