Re: somebody trying hack me, what they really wanted?

2001-12-14 Thread E B

Just for statistics, how many of you run Tomcat
directly without Apache/IIS, with your machine
being on the internet?

All the responses for this thread indicate they
do so. Be careful, I know of one machine which
was compromised and which had Tomcat on 80,
although I am not sure that hack was through
Tomcat.


--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]




Re: somebody trying hack me, what they really wanted?

2001-12-14 Thread Amine AMAR

I'm on two different servers




Re: somebody trying hack me, what they really wanted?

2001-12-14 Thread Denis Balazuc

I do





somebody trying hack me, what they really wanted?

2001-12-13 Thread Evgeniy Strokin

Hi,
tonight, somebody tried to hack our Tomcat 3.2.3 on win2000.
Here is the log:

2001-12-13 01:18:35 - Ctx(  ): 404 R(  + /scripts/root.exe + null) null
2001-12-13 01:18:36 - Ctx(  ): 404 R(  + /MSADC/root.exe + null) null
2001-12-13 01:18:42 - Ctx(  ): 404 R(  + /c/winnt/system32/cmd.exe + null) null
2001-12-13 01:18:46 - Ctx(  ): 404 R(  + /d/winnt/system32/cmd.exe + null) null
2001-12-13 01:18:47 - Ctx(  ): 404 R( /scripts/..%255c../winnt/system32/cmd.exe) null
2001-12-13 01:18:50 - Ctx(  ): 404 R( /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe) null
2001-12-13 01:18:51 - Ctx(  ): 404 R( /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe) null
2001-12-13 01:19:00 - Ctx(  ): 404 R( /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe) null
2001-12-13 01:19:00 - Ctx(  ): 404 R(  + /scripts/..??../winnt/system32/cmd.exe + null) null
2001-12-13 01:19:01 - Ctx(  ): 404 R( /scripts/..%c0%2f../winnt/system32/cmd.exe) null
2001-12-13 01:19:31 - ContextManager: SocketException reading request, ignored - java.net.SocketException: Connection reset by peer: JVM_recv in socket input stream read
    at java.net.SocketInputStream.socketRead(Native Method)
    at java.net.SocketInputStream.read(Unknown Source)
    at java.io.BufferedInputStream.fill(Unknown Source)
    at java.io.BufferedInputStream.read(Unknown Source)
    at org.apache.tomcat.service.http.HttpRequestAdapter.doRead(HttpRequestAdapter.java:115)
    at org.apache.tomcat.core.BufferedServletInputStream.doRead(BufferedServletInputStream.java:106)
    at org.apache.tomcat.core.BufferedServletInputStream.read(BufferedServletInputStream.java:128)
    at javax.servlet.ServletInputStream.readLine(ServletInputStream.java:138)
    at org.apache.tomcat.service.http.HttpRequestAdapter.readNextRequest(HttpRequestAdapter.java:129)
    at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:198)
    at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
    at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
    at java.lang.Thread.run(Unknown Source)

2001-12-13 01:50:41 - Ctx(  ): 404 R(  + /scripts/root.exe + null) null
2001-12-13 01:50:41 - Ctx(  ): 404 R(  + /MSADC/root.exe + null) null
2001-12-13 01:51:09 - ContextManager: SocketException reading request, ignored - java.net.SocketException: Connection reset by peer: JVM_recv in socket input stream read
    at java.net.SocketInputStream.socketRead(Native Method)
    at java.net.SocketInputStream.read(Unknown Source)
    at java.io.BufferedInputStream.fill(Unknown Source)
    at java.io.BufferedInputStream.read(Unknown Source)
    at org.apache.tomcat.service.http.HttpRequestAdapter.doRead(HttpRequestAdapter.java:115)
    at org.apache.tomcat.core.BufferedServletInputStream.doRead(BufferedServletInputStream.java:106)
    at org.apache.tomcat.core.BufferedServletInputStream.read(BufferedServletInputStream.java:128)
    at javax.servlet.ServletInputStream.readLine(ServletInputStream.java:138)
    at org.apache.tomcat.service.http.HttpRequestAdapter.readNextRequest(HttpRequestAdapter.java:129)
    at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:198)
    at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
    at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
    at java.lang.Thread.run(Unknown Source)

2001-12-13 06:08:24 - Ctx(  ): 404 R(  + /scripts/root.exe + null) null
2001-12-13 06:08:24 - Ctx(  ): 404 R(  + /MSADC/root.exe + null) null
2001-12-13 06:08:25 - Ctx(  ): 404 R(  + /c/winnt/system32/cmd.exe + null) null
2001-12-13 06:08:25 - Ctx(  ): 404 R(  + /d/winnt/system32/cmd.exe + null) null
2001-12-13 06:08:25 - Ctx(  ): 404 R( /scripts/..%255c../winnt/system32/cmd.exe) null
2001-12-13 06:08:25 - Ctx(  ): 404 R( /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe) null
2001-12-13 06:08:26 - Ctx(  ): 404 R( /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe) null
2001-12-13 06:08:26 - Ctx(  ): 404 R( /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe) null
2001-12-13 06:08:26 - Ctx(  ): 404 R(  + /scripts/..??../winnt/system32/cmd.exe + null) null
2001-12-13 06:08:26 - Ctx(  ): 404 R( /scripts/..%c0%2f../winnt/system32/cmd.exe) null
2001-12-13 06:08:26 - Ctx(  ): 404 R(  + /scripts/..?»../winnt/system32/cmd.exe + null) null
2001-12-13 06:08:27 - Ctx(  ): 404 R(  + /scripts/..??../winnt/system32/cmd.exe + null) null
2001-12-13 06:08:27 - ContextManager: RequestImpl.setServletPath: Unable to decode servlet path, using encoded version.  path = /scripts/..%%35%63../winnt/system32/cmd.exe
2001-12-13 06:08:27 - Ctx(  ): 404 R(  +
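
The probes in the log above can be decoded and tagged mechanically; this added example (not part of the original post, and not Tomcat code) shows why `%255c`, `%%35%63`, `%c0%2f` and `%c1%1c` all reduce to `../` or `..\` in front of `cmd.exe`, and checks that every probe was answered with a 404. The function and tag names are made up for the illustration, and the sample lines are copied from the log with the mail-wrapped lines re-joined.

```python
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# Constructed sample: entries copied from the log in the post, with the
# mail-wrapped lines re-joined.
SAMPLE_LOG = """\
2001-12-13 01:18:35 - Ctx(  ): 404 R(  + /scripts/root.exe + null) null
2001-12-13 01:18:42 - Ctx(  ): 404 R(  + /c/winnt/system32/cmd.exe + null) null
2001-12-13 01:18:47 - Ctx(  ): 404 R( /scripts/..%255c../winnt/system32/cmd.exe) null
2001-12-13 01:19:00 - Ctx(  ): 404 R( /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe) null
2001-12-13 01:19:01 - Ctx(  ): 404 R( /scripts/..%c0%2f../winnt/system32/cmd.exe) null
2001-12-13 06:08:27 - ContextManager: RequestImpl.setServletPath: Unable to decode servlet path, using encoded version.  path = /scripts/..%%35%63../winnt/system32/cmd.exe
"""

CTX_RE = re.compile(r"^(\S+ \S+) - Ctx\(\s*\): (\d{3}) R\((.*)\)\s*null$")
RAW_RE = re.compile(r"^(\S+ \S+) - ContextManager: .*\bpath = (\S+)$")


def parse_line(line):
    """Return (timestamp, status or None, raw_path), or None for other lines."""
    m = CTX_RE.match(line)
    if m:
        path = re.search(r"/\S*", m.group(3))
        return (m.group(1), int(m.group(2)), path.group(0)) if path else None
    m = RAW_RE.match(line)
    return (m.group(1), None, m.group(2)) if m else None


def percent_decode_fully(path, max_rounds=5):
    """Percent-decode until stable; return (bytes, number of rounds needed)."""
    data, rounds = path.encode("latin-1", "replace"), 0
    while rounds < max_rounds:
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data, rounds = decoded, rounds + 1
    return data, rounds


def fold_lax_utf8(data):
    """Apply the arithmetic of a two-byte UTF-8 decoder that does not validate
    its input. Lead bytes 0xC0/0xC1 can only produce code points below 0x80,
    which is why a strict decoder rejects them outright."""
    out, overlong, i = [], False, 0
    while i < len(data):
        b = data[i]
        if b in (0xC0, 0xC1) and i + 1 < len(data):
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            overlong, i = True, i + 2
        else:
            out.append(chr(b))
            i += 1
    return "".join(out), overlong


def classify(line):
    """Tag one log line; returns None if the line carries no request path."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    ts, status, raw = parsed
    data, rounds = percent_decode_fully(raw)
    text, overlong = fold_lax_utf8(data)
    canonical = text.replace("\\", "/").lower()
    tags = set()
    if rounds >= 2:
        tags.add("double-encoded")
    if overlong:
        tags.add("overlong-utf8")
    if ".." in canonical.split("/"):
        tags.add("traversal")
    for exe in ("cmd.exe", "root.exe"):
        if canonical.endswith("/" + exe):
            tags.add(exe)
    return {"ts": ts, "status": status, "raw": raw,
            "canonical": canonical, "tags": tags}


def triage(log_text):
    """Return (tagged findings, tag counts, findings not answered with 404)."""
    findings = [f for f in map(classify, log_text.splitlines()) if f and f["tags"]]
    counts = Counter(tag for f in findings for tag in f["tags"])
    served = [f for f in findings if f["status"] not in (404, None)]
    return findings, counts, served


if __name__ == "__main__":
    findings, counts, served = triage(SAMPLE_LOG)
    for f in findings:
        print(f["ts"], f["status"], sorted(f["tags"]), f["canonical"])
    print(dict(counts), "served:", len(served))
```

A tagged line whose status is anything other than 404 is the case worth escalating; in this log there is none.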

Re: somebody trying hack me, what they really wanted?

2001-12-13 Thread Paul DuBois

It's a Code Red or Nimda attack, probably from an infected IIS server.

On Thu, Dec 13, 2001 at 01:04:51PM -0500, Evgeniy Strokin wrote:
> Hi,
> tonight, somebody tried to hack our Tomcat 3.2.3 on win2000.
> Here is the log:
>
> 2001-12-13 01:18:35 - Ctx(  ): 404 R(  + /scripts/root.exe + null) null
> 2001-12-13 01:18:36 - Ctx(  ): 404 R(  + /MSADC/root.exe + null) null
> 2001-12-13 01:18:42 - Ctx(  ): 404 R(  + /c/winnt/system32/cmd.exe + null) null
> 2001-12-13 01:18:46 - Ctx(  ): 404 R(  + /d/winnt/system32/cmd.exe + null)

[snip]

> Is it something serious, or had they tried to run NIMDA virus files or something
> like that?
> What do you think?
>
> Best regards,
> Jenya Strokin





Re: somebody trying hack me, what they really wanted?

2001-12-13 Thread David Cassidy

NIMDA
 ...

Just put a file there for it to get ;-)

D



RE: somebody trying hack me, what they really wanted?

2001-12-13 Thread Jim Urban

You were hacked by one of those Nimda type worm viruses.  Be glad you were
not running IIS, you could have been in big trouble.

Jim


Re: somebody trying hack me, what they really wanted?

2001-12-13 Thread Dr. Evil


I get those all the time.  I wish I could put a sign on my computer
that says, "You're wasting your time.  This machine is running
Tomcat/Linux.  Find someone running Windows."  On a more serious note,
this is a computer hacking attack, and it comes across state lines.
Could I get the FBI to investigate these things?  I'm sure this is a
Federal crime.





RE: somebody trying hack me, what they really wanted?

2001-12-13 Thread Brian Adams

HA! You're funny!  FBI, stop building your Magic Lantern and come find the poor
sap that is trying to hack my free software, nothing invested but time server
sitting in my broadband closet!
Ya Right!





RE: somebody trying hack me, what they really wanted?

2001-12-13 Thread Martin van den Bemt

There are scripts out there which do exactly what you want. They will not
even hit the web server, and those IP addresses will get locked out.
http://www.adsl4linux.nl (it's a Dutch site, I'm sorry.)

Kind regards,
Martin





Re: somebody trying hack me, what they really wanted?

2001-12-13 Thread Dr. Evil

> HA! You're funny!  FBI, stop building your Magic Lantern and come find the poor
> sap that is trying to hack my free software, nothing invested but time server
> sitting in my broadband closet!
> Ya Right!

It was just a thought.  I hope the FBI has better things to be
doing...






Re: somebody trying hack me, what they really wanted?

2001-12-13 Thread Chu J Tan

Try http://myserver.com:8080/%3f

It's a pretty recent bug. Allows listing of directory from server.





Re: somebody trying hack me, what they really wanted?

2001-12-13 Thread Dom

My Linux server has been attacked too for a couple of weeks. I don't care.

Dom
