My linux server has been attacked too for a couple of weeks. I don't care Dom
----- Original Message ----- From: "Jim Urban" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Thursday, December 13, 2001 7:07 PM Subject: RE: somebody trying hack me, what they really wanted? > You was hacked by one of those Nimba type worm viruses. Be glad you were > not running IIS, you could have been in big trouble. > > Jim > > -----Original Message----- > From: Evgeniy Strokin [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 13, 2001 12:05 PM > To: [EMAIL PROTECTED] > Subject: somebody trying hack me, what they really wanted? > > > Hi, > tonight, somebody had tried hack our Tomcat 3.2.3 in win2000. > Here is the log: > > 2001-12-13 01:18:35 - Ctx( ): 404 R( + /scripts/root.exe + null) null > 2001-12-13 01:18:36 - Ctx( ): 404 R( + /MSADC/root.exe + null) null > 2001-12-13 01:18:42 - Ctx( ): 404 R( + /c/winnt/system32/cmd.exe + null) > null > 2001-12-13 01:18:46 - Ctx( ): 404 R( + /d/winnt/system32/cmd.exe + null) > null > 2001-12-13 01:18:47 - Ctx( ): 404 R( > /scripts/..%255c../winnt/system32/cmd.exe) > null > 2001-12-13 01:18:50 - Ctx( ): 404 R( > /_vti_bin/..%255c../..%255c../..%255c../wi > nnt/system32/cmd.exe) null > 2001-12-13 01:18:51 - Ctx( ): 404 R( > /_mem_bin/..%255c../..%255c../..%255c../wi > nnt/system32/cmd.exe) null > 2001-12-13 01:19:00 - Ctx( ): 404 R( > /msadc/..%255c../..%255c../..%255c/..%c1%1 > c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe) null > 2001-12-13 01:19:00 - Ctx( ): 404 R( + > /scripts/..??../winnt/system32/cmd.exe > + null) null > 2001-12-13 01:19:01 - Ctx( ): 404 R( > /scripts/..%c0%2f../winnt/system32/cmd.exe > ) null > 2001-12-13 01:19:31 - ContextManager: SocketException reading request, > ignored - > java.net.SocketException: Connection reset by peer: JVM_recv in socket > input st > ream read > at java.net.SocketInputStream.socketRead(Native Method) > at java.net.SocketInputStream.read(Unknown Source) > at java.io.BufferedInputStream.fill(Unknown Source) > at java.io.BufferedInputStream.read(Unknown Source) > at > org.apache.tomcat.service.http.HttpRequestAdapter.doRead(HttpRequestA > dapter.java:115) > at > org.apache.tomcat.core.BufferedServletInputStream.doRead(BufferedServ > letInputStream.java:106) > at > org.apache.tomcat.core.BufferedServletInputStream.read(BufferedServle > tInputStream.java:128) > at > javax.servlet.ServletInputStream.readLine(ServletInputStream.java:138 > ) > at > org.apache.tomcat.service.http.HttpRequestAdapter.readNextRequest(Htt > pRequestAdapter.java:129) > at > org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio > n(HttpConnectionHandler.java:198) > at > org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java: > 416) > at > org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java > :501) > at java.lang.Thread.run(Unknown Source) > > 2001-12-13 01:50:41 - Ctx( ): 404 R( + /scripts/root.exe + null) null > 2001-12-13 01:50:41 - Ctx( ): 404 R( + /MSADC/root.exe + null) null > 2001-12-13 01:51:09 - ContextManager: SocketException reading request, > ignored - > java.net.SocketException: Connection reset by peer: JVM_recv in socket > input st > ream read > at java.net.SocketInputStream.socketRead(Native Method) > at java.net.SocketInputStream.read(Unknown Source) > at java.io.BufferedInputStream.fill(Unknown Source) > at java.io.BufferedInputStream.read(Unknown Source) > at > org.apache.tomcat.service.http.HttpRequestAdapter.doRead(HttpRequestA > dapter.java:115) > at > org.apache.tomcat.core.BufferedServletInputStream.doRead(BufferedServ > letInputStream.java:106) > at > org.apache.tomcat.core.BufferedServletInputStream.read(BufferedServle > tInputStream.java:128) > at > javax.servlet.ServletInputStream.readLine(ServletInputStream.java:138 > ) > at > org.apache.tomcat.service.http.HttpRequestAdapter.readNextRequest(Htt > pRequestAdapter.java:129) > at > org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio > n(HttpConnectionHandler.java:198) > at > org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java: > 416) > at > org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java > :501) > at java.lang.Thread.run(Unknown Source) > > 2001-12-13 06:08:24 - Ctx( ): 404 R( + /scripts/root.exe + null) null > 2001-12-13 06:08:24 - Ctx( ): 404 R( + /MSADC/root.exe + null) null > 2001-12-13 06:08:25 - Ctx( ): 404 R( + /c/winnt/system32/cmd.exe + null) > null > 2001-12-13 06:08:25 - Ctx( ): 404 R( + /d/winnt/system32/cmd.exe + null) > null > 2001-12-13 06:08:25 - Ctx( ): 404 R( > /scripts/..%255c../winnt/system32/cmd.exe) > null > 2001-12-13 06:08:25 - Ctx( ): 404 R( > /_vti_bin/..%255c../..%255c../..%255c../wi > nnt/system32/cmd.exe) null > 2001-12-13 06:08:26 - Ctx( ): 404 R( > /_mem_bin/..%255c../..%255c../..%255c../wi > nnt/system32/cmd.exe) null > 2001-12-13 06:08:26 - Ctx( ): 404 R( > /msadc/..%255c../..%255c../..%255c/..%c1%1 > c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe) null > 2001-12-13 06:08:26 - Ctx( ): 404 R( + > /scripts/..??../winnt/system32/cmd.exe > + null) null > 2001-12-13 06:08:26 - Ctx( ): 404 R( > /scripts/..%c0%2f../winnt/system32/cmd.exe > ) null > 2001-12-13 06:08:26 - Ctx( ): 404 R( + > /scripts/..?�../winnt/system32/cmd.exe > + null) null > 2001-12-13 06:08:27 - Ctx( ): 404 R( + > /scripts/..??../winnt/system32/cmd.exe > + null) null > 2001-12-13 06:08:27 - ContextManager: RequestImpl.setServletPath: Unable to > deco > de servlet path, using encoded version. path = > /scripts/..%%35%63../winnt/syste > m32/cmd.exe > 2001-12-13 06:08:27 - Ctx( ): 404 R( + > /scripts/..%%35%63../winnt/system32/cmd > .exe + null) null > 2001-12-13 06:08:27 - ContextManager: RequestImpl.setServletPath: Unable to > deco > de servlet path, using encoded version. path = > /scripts/..%%35c../winnt/system3 > 2/cmd.exe > 2001-12-13 06:08:27 - Ctx( ): 404 R( + > /scripts/..%%35c../winnt/system32/cmd.e > xe + null) null > 2001-12-13 06:08:28 - Ctx( ): 404 R( > /scripts/..%25%35%63../winnt/system32/cmd.exe) null > 2001-12-13 06:08:28 - Ctx( ): 404 R( > /scripts/..%252f../winnt/system32/cmd.exe) > null > 2001-12-13 06:18:21 - Ctx( ): 404 R( + /scripts/root.exe + null) null > 2001-12-13 06:18:22 - Ctx( ): 404 R( + /MSADC/root.exe + null) null > 2001-12-13 06:26:40 - Ctx( ): 404 R( + /scripts/root.exe + null) null > 2001-12-13 06:26:52 - Ctx( ): 404 R( + /MSADC/root.exe + null) null > 2001-12-13 06:27:01 - ContextManager: SocketException reading request, > ignored - > java.net.SocketException: Connection reset by peer: JVM_recv in socket > input st > ream read > at java.net.SocketInputStream.socketRead(Native Method) > at java.net.SocketInputStream.read(Unknown Source) > at java.io.BufferedInputStream.fill(Unknown Source) > at java.io.BufferedInputStream.read(Unknown Source) > at > org.apache.tomcat.service.http.HttpRequestAdapter.doRead(HttpRequestA > dapter.java:115) > at > org.apache.tomcat.core.BufferedServletInputStream.doRead(BufferedServ > letInputStream.java:106) > at > org.apache.tomcat.core.BufferedServletInputStream.read(BufferedServle > tInputStream.java:128) > at > javax.servlet.ServletInputStream.readLine(ServletInputStream.java:138 > ) > at > org.apache.tomcat.service.http.HttpRequestAdapter.readNextRequest(Htt > pRequestAdapter.java:129) > at > org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio > n(HttpConnectionHandler.java:198) > at > org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java: > 416) > at > org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java > :501) > at java.lang.Thread.run(Unknown Source) > > Is it something serious or they had tried run NIMDA virus files or something > like that? > What do you think? > > Best regards, > Jenya Strokin > ------------------------------------------------- > Only a young and very healthy cretin can believe, > as if the world is an objective reality > not dependent on our consciousness. > -------------------------------------------------- > > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> > > > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
