Yes root exploits exist on all platforms, but
my issue is that this particular one is hitting
my web servers over and over and over and ...
Checking all the logs about an hour ago:
around 5000 hits in the past two days
And ... it's getting worse - not better!
So I'm looking for a solution rather than to
sit back and wait for the problem to start
flooding the net
This has been happening for more than two
weeks and still it goes on.
Anyone that interactively uses a machine with
this problem will immediately see the
performance problems it causes and thus SHOULD
do something about it.
If it's a server then whoever is pretending to
manage the server should know about it and fix
it.
Blah ... blah ... blah ... I think enough said.
-Cheers
-Andrew
--
MS ... if only he hadn't been hang gliding!
> Andrew Smith wrote:
>>
>> I think the best response would be to login using
>> the telnet backdoor, delete the IIS EXE and/or DLLs
>> (or better - just delete the %windir%\System32\idq.dll
>> if that stops it?) then force a reboot - even without
>> a reboot, the next time they did reboot the problem
>> would go away - and hell, windows servers don't run for
>> very long without requiring a reboot do they? :-)
>>
>> Now I'm sure this could be automated from the access_log
>> :-)
>>
>> Anyone got the time and the inclination to do this?
>>
>> I would actually suggest that we should be quite within
>> our rights to do this!
>>
>> Hmmm ... I might have a quick look at what's involved ...
>>
>> Certainly worth posting to the general internet if someone
>> did it :-)
>>
>> If I actually run over my usage limit for this or next
>> month ... very unlikely, but ... then effectively I am
>> paying money because of the IDIOTS that run these STUPID
>> MS IIS servers and don't have even half a brain to work
>> out what is going on or to fix it up.
>>
>> But I didn't say that did I? :-)
>>
> ----
> You could get sued for breaking and entering - delete the logs before
> you go ;-)
>
> oh - I think that the idq.dll is probably busy and permissions probably
> won't allow even root to delete.
>
> you probably have to stop the www service first.
>
> However, considering that root exploits exist on all platforms, isn't
> this conversation a bit arrogant?
>
> Craig