You were hacked by one of those Nimda type worm viruses. Be glad you were not running IIS, you could have been in big trouble.
Jim

-----Original Message-----
From: Evgeniy Strokin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 13, 2001 12:05 PM
To: [EMAIL PROTECTED]
Subject: somebody trying hack me, what they really wanted?

Hi, tonight, somebody tried to hack our Tomcat 3.2.3 in win2000. Here is the log:

2001-12-13 01:18:35 - Ctx( ): 404 R( + /scripts/root.exe + null) null
2001-12-13 01:18:36 - Ctx( ): 404 R( + /MSADC/root.exe + null) null
2001-12-13 01:18:42 - Ctx( ): 404 R( + /c/winnt/system32/cmd.exe + null) null
2001-12-13 01:18:46 - Ctx( ): 404 R( + /d/winnt/system32/cmd.exe + null) null
2001-12-13 01:18:47 - Ctx( ): 404 R( /scripts/..%255c../winnt/system32/cmd.exe) null
2001-12-13 01:18:50 - Ctx( ): 404 R( /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe) null
2001-12-13 01:18:51 - Ctx( ): 404 R( /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe) null
2001-12-13 01:19:00 - Ctx( ): 404 R( /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe) null
2001-12-13 01:19:00 - Ctx( ): 404 R( + /scripts/..??../winnt/system32/cmd.exe + null) null
2001-12-13 01:19:01 - Ctx( ): 404 R( /scripts/..%c0%2f../winnt/system32/cmd.exe) null
2001-12-13 01:19:31 - ContextManager: SocketException reading request, ignored - java.net.SocketException: Connection reset by peer: JVM_recv in socket input stream read
        at java.net.SocketInputStream.socketRead(Native Method)
        at java.net.SocketInputStream.read(Unknown Source)
        at java.io.BufferedInputStream.fill(Unknown Source)
        at java.io.BufferedInputStream.read(Unknown Source)
        at org.apache.tomcat.service.http.HttpRequestAdapter.doRead(HttpRequestAdapter.java:115)
        at org.apache.tomcat.core.BufferedServletInputStream.doRead(BufferedServletInputStream.java:106)
        at org.apache.tomcat.core.BufferedServletInputStream.read(BufferedServletInputStream.java:128)
        at javax.servlet.ServletInputStream.readLine(ServletInputStream.java:138)
        at org.apache.tomcat.service.http.HttpRequestAdapter.readNextRequest(HttpRequestAdapter.java:129)
        at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:198)
        at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
        at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
        at java.lang.Thread.run(Unknown Source)
2001-12-13 01:50:41 - Ctx( ): 404 R( + /scripts/root.exe + null) null
2001-12-13 01:50:41 - Ctx( ): 404 R( + /MSADC/root.exe + null) null
2001-12-13 01:51:09 - ContextManager: SocketException reading request, ignored - java.net.SocketException: Connection reset by peer: JVM_recv in socket input stream read
        at java.net.SocketInputStream.socketRead(Native Method)
        at java.net.SocketInputStream.read(Unknown Source)
        at java.io.BufferedInputStream.fill(Unknown Source)
        at java.io.BufferedInputStream.read(Unknown Source)
        at org.apache.tomcat.service.http.HttpRequestAdapter.doRead(HttpRequestAdapter.java:115)
        at org.apache.tomcat.core.BufferedServletInputStream.doRead(BufferedServletInputStream.java:106)
        at org.apache.tomcat.core.BufferedServletInputStream.read(BufferedServletInputStream.java:128)
        at javax.servlet.ServletInputStream.readLine(ServletInputStream.java:138)
        at org.apache.tomcat.service.http.HttpRequestAdapter.readNextRequest(HttpRequestAdapter.java:129)
        at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:198)
        at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
        at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
        at java.lang.Thread.run(Unknown Source)
2001-12-13 06:08:24 - Ctx( ): 404 R( + /scripts/root.exe + null) null
2001-12-13 06:08:24 - Ctx( ): 404 R( + /MSADC/root.exe + null) null
2001-12-13 06:08:25 - Ctx( ): 404 R( + /c/winnt/system32/cmd.exe + null) null
2001-12-13 06:08:25 - Ctx( ): 404 R( + /d/winnt/system32/cmd.exe + null) null
2001-12-13 06:08:25 - Ctx( ): 404 R( /scripts/..%255c../winnt/system32/cmd.exe) null
2001-12-13 06:08:25 - Ctx( ): 404 R( /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe) null
2001-12-13 06:08:26 - Ctx( ): 404 R( /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe) null
2001-12-13 06:08:26 - Ctx( ): 404 R( /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe) null
2001-12-13 06:08:26 - Ctx( ): 404 R( + /scripts/..??../winnt/system32/cmd.exe + null) null
2001-12-13 06:08:26 - Ctx( ): 404 R( /scripts/..%c0%2f../winnt/system32/cmd.exe) null
2001-12-13 06:08:26 - Ctx( ): 404 R( + /scripts/..?�../winnt/system32/cmd.exe + null) null
2001-12-13 06:08:27 - Ctx( ): 404 R( + /scripts/..??../winnt/system32/cmd.exe + null) null
2001-12-13 06:08:27 - ContextManager: RequestImpl.setServletPath: Unable to decode servlet path, using encoded version. path = /scripts/..%%35%63../winnt/system32/cmd.exe
2001-12-13 06:08:27 - Ctx( ): 404 R( + /scripts/..%%35%63../winnt/system32/cmd.exe + null) null
2001-12-13 06:08:27 - ContextManager: RequestImpl.setServletPath: Unable to decode servlet path, using encoded version. path = /scripts/..%%35c../winnt/system32/cmd.exe
2001-12-13 06:08:27 - Ctx( ): 404 R( + /scripts/..%%35c../winnt/system32/cmd.exe + null) null
2001-12-13 06:08:28 - Ctx( ): 404 R( /scripts/..%25%35%63../winnt/system32/cmd.exe) null
2001-12-13 06:08:28 - Ctx( ): 404 R( /scripts/..%252f../winnt/system32/cmd.exe) null
2001-12-13 06:18:21 - Ctx( ): 404 R( + /scripts/root.exe + null) null
2001-12-13 06:18:22 - Ctx( ): 404 R( + /MSADC/root.exe + null) null
2001-12-13 06:26:40 - Ctx( ): 404 R( + /scripts/root.exe + null) null
2001-12-13 06:26:52 - Ctx( ): 404 R( + /MSADC/root.exe + null) null
2001-12-13 06:27:01 - ContextManager: SocketException reading request, ignored - java.net.SocketException: Connection reset by peer: JVM_recv in socket input stream read
        at java.net.SocketInputStream.socketRead(Native Method)
        at java.net.SocketInputStream.read(Unknown Source)
        at java.io.BufferedInputStream.fill(Unknown Source)
        at java.io.BufferedInputStream.read(Unknown Source)
        at org.apache.tomcat.service.http.HttpRequestAdapter.doRead(HttpRequestAdapter.java:115)
        at org.apache.tomcat.core.BufferedServletInputStream.doRead(BufferedServletInputStream.java:106)
        at org.apache.tomcat.core.BufferedServletInputStream.read(BufferedServletInputStream.java:128)
        at javax.servlet.ServletInputStream.readLine(ServletInputStream.java:138)
        at org.apache.tomcat.service.http.HttpRequestAdapter.readNextRequest(HttpRequestAdapter.java:129)
        at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:198)
        at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
        at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
        at java.lang.Thread.run(Unknown Source)

Is it something serious, or had they tried to run NIMDA virus files or something like that? What do you think?

Best regards,
Jenya Strokin

-------------------------------------------------
Only a young and very healthy cretin can believe, as if the world is an objective reality not dependent on our consciousness.
--------------------------------------------------

--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
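
An added example, not part of the original thread: a small Python scanner that flags entries like these in a Tomcat 3.2-style log by percent-decoding each request path until it stops changing, then checking for directory traversal, overlong UTF-8 lead bytes and the cmd.exe/root.exe targets. The function and tag names are illustrative assumptions; the sample entries are copied from the log above with the console line wraps rejoined.

```python
import re
from urllib.parse import unquote_to_bytes

# Entries copied from the log above, with console line wraps rejoined.
LOG = """\
2001-12-13 06:08:24 - Ctx( ): 404 R( + /scripts/root.exe + null) null
2001-12-13 06:08:25 - Ctx( ): 404 R( /scripts/..%255c../winnt/system32/cmd.exe) null
2001-12-13 06:08:26 - Ctx( ): 404 R( /scripts/..%c0%2f../winnt/system32/cmd.exe) null
2001-12-13 06:08:27 - Ctx( ): 404 R( + /scripts/..%%35%63../winnt/system32/cmd.exe + null) null
2001-12-13 06:08:28 - Ctx( ): 404 R( /scripts/..%25%35%63../winnt/system32/cmd.exe) null
"""

ENTRY = re.compile(r"^(\S+ \S+) - Ctx\(.*?\): (\d{3}) R\( (?:\+ )?(\S+)(?: \+ null)?\) null$")
TARGET = re.compile(rb"(?:cmd|root)\.exe$", re.I)

def decode_rounds(path, limit=5):
    """Percent-decode until stable; return (bytes, number of rounds that changed it)."""
    data, rounds = path.encode("latin-1"), 0
    while rounds < limit:
        nxt = unquote_to_bytes(data)
        if nxt == data:
            break
        data, rounds = nxt, rounds + 1
    return data, rounds

def classify(path):
    """Return the set of probe indicators present in one request path."""
    data, rounds = decode_rounds(path)
    tags = set()
    if TARGET.search(data):
        tags.add("exe-target")
    if rounds > 1:
        tags.add("multi-encoded")   # e.g. %255c -> %5c -> backslash
    if b"\xc0" in data or b"\xc1" in data:
        tags.add("overlong-utf8")   # 0xC0/0xC1 never occur in valid UTF-8
    if b"../" in data.replace(b"\\", b"/"):
        tags.add("traversal")
    return tags

def scan(log_text):
    """Yield (timestamp, status, path, tags) for each request entry that looks like a probe."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m and (tags := classify(m.group(3))):
            yield m.group(1), int(m.group(2)), m.group(3), tags

if __name__ == "__main__":
    for ts, status, path, tags in scan(LOG):
        print(ts, status, path, sorted(tags))
```

The scanner returns the HTTP status next to the tags; every sample entry here carries 404, so an entry with these tags and any other status is the one to look at first.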
