I received multiple error reports from my Zope server tonight, about an object not found at
http://NETSERVER:8080/msadc/..Á%8s../..Á%8s../..Á%8s../winnt/system32/cmd. exe
being called from ip address: 61.156.8.19
This is very odd as my web server is at port 80, and mapped by NAT to 8080.
I presume that this is some sort of attack on my webserver - what are they trying to exploit?
Not sure, but maybe this targeted the iis5.0 bug listed at http://www.guninski.com/iisasp.html A good source for this type of information is http://www.securityfocus.com, esp. the bugtraq-archieves which you can find there. cheers, oliver
On Mon, 12 Feb 2001 10:55:01 +0100 Oliver Bleutgen <myzope@gmx.net> wrote:
Not sure, but maybe this targeted the iis5.0 bug listed at http://www.guninski.com/iisasp.html
Thanks. I've found out more about this. It's a known IIS exploit - seems that the cracker didn't realise I was running Zope <g> -- Graham Chiu
participants (2)
-
Graham Chiu -
Oliver Bleutgen