LinuxSA Mailing list archives

  From: Adam Smith <adam@internode.com.au>
  To  : Adam Ingerman <OZ_Prophet@austarnet.com.au>
  Date: Mon, 28 Jul 2003 08:20:29 +0930

Re: Intrusion attempts in apache access_log

On Mon, Jul 28, 2003 at 01:19:24AM +0930, Adam Ingerman said:
> On Mon, 28 Jul 2003 00:33, Michael Martucci wrote:
> > Does anyone else get 100's of entries in their apache access log of
> > what seem to be attempts to crack a MS-based web server?
> 
> I was watching my log with tail a while back, and I got several pages worth in 
> an hour or two, with those plus a lot of other interesting, MSIE-looking 
> attacks, trying to get cmd.exe and all the rest...
*snip*
> if you feel there's a point, you could log the IP and trace to their ISP, but I 
> doubt much would happen

Many of these users could be Windows users who don't realize they've been
Trojaned and are spamming the Internet for vulnerable websites and
reporting this information back to their Bot Masters.

Some other common tricks of these trojans are using them as open relays and
using them for Denial of Services attacks... they're pretty much a full
application suite these days.

-- 
Adam Smith      : adam@internode.com.au
Internode       : http://www.internode.on.net
Phone           : (08) 8228 2999

-- 
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.freenode.net
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject