OK, anyone actually had a play with this?
I can get in no problems (you have to press
<return> twice after the "GET" command)
but no commands I type at the prompt
seem to work - I guess it isn't a "true"
telnet server running?
I keep getting a "CGI Application Timeout"
even when trying a simple "dir"
Any ideas?
I'm running my tests from a machine that
has ports 1:1023 closed on the input chain
so hopefully that shouldn't be a problem
(and if it is - well then forget it :-)
-Cheers
-Andrew
--
MS ... if only he hadn't been hang gliding!
> I think the best response would be to login using
> the telnet backdoor, delete the IIS EXE and/or DLLs
> (or better - just delete the %windir%\System32\idq.dll
> if that stops it?) then force a reboot - even without
> a reboot, the next time they did reboot the problem
> would go away - and hell, windows servers don't run for
> very long without requiring a reboot do they? :-)
>
> Now I'm sure this could be automated from the access_log
> :-)
>
> Anyone got the time and the inclination to do this?
>
> I would actually suggest that we should be quite within
> our rights to do this!
>
> Hmmm ... I might have a quick look at what's involved ...
>
> Certainly worth posting to the general internet if someone
> did it :-)
>
> If I actually run over my usage limit for this or next
> month ... very unlikely, but ... then effectively I am
> paying money because of the IDIOTS that run these STUPID
> MS IIS servers and don't have even half a brain to work
> out what is going on or to fix it up.
>
> But I didn't say that did I? :-)
>
> -Cheers
> -Andrew
> --
> MS ... if only he hadn't been hang gliding!
>
>> From: "Stephen Carville" <[EMAIL PROTECTED]>
>>
>>> On Mon, 6 Aug 2001, Alejandro González Hernández - Imoq wrote:
>>>
>>> - Hi!
>>> -
>>> - I seem to be getting a kind of web exploit in my server. I have
>>> - noticed this in error_log since two days ago (I'll paste just a
>>> - little bit of the file, of course):
>>>
>>> Code Red Worm. It is an IIS exploit that is looking for more sites
>>> to subvert.
>>>
>>> I am sorely tempted to throw together a Perl script to extract the
>>> addresses, get the MX record for the domain and send off an email to
>>> the usual names asking them to fix their f**king servers. Won't do any
>>> good of course.
>>
>> Stephen, sending email to the wrong place will never do any good. It
>> is a really twittish response. At the very least access the website
>> thus revealed. You'll find that most of them are home machines that do
>> not even have IIS fully installed enough to display the canned example
>> web site. Until all or almost all machines are cleaned up the problem
>> will not go away. (And backdoors will exist on a simply amazing number
>> of machines.)
>>
>> {^_^}
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list