What on earth is this ??
From : Saint_John


Date : 06-10-01 15:35

Hi group

Now it's my turn to ask a dumb question.

I have an SME Server V 5.0 running a website & mail.

But my security log is flooded with the following


[Sat Oct 6 00:52:55 2001] [error] [client 62.243.159.101] File does not exist: /home/e-smith/files/primary/html/scripts/root.exe
[Sat Oct 6 00:52:55 2001] [error] [client 62.243.159.101] File does not exist: /home/e-smith/files/primary/html/MSADC/root.exe
[Sat Oct 6 00:52:56 2001] [error] [client 62.243.159.101] File does not exist: /home/e-smith/files/primary/html/c/winnt/system32/cmd.exe
[Sat Oct 6 00:52:56 2001] [error] [client 62.243.159.101] File does not exist: /home/e-smith/files/primary/html/d/winnt/system32/cmd.exe
[Sat Oct 6 00:52:57 2001] [error] [client 62.243.159.101] File does not exist: /home/e-smith/files/primary/html/scripts/..%5c../winnt/system32/cmd.exe
[Sat Oct 6 00:52:58 2001] [error] [client 62.243.159.101] File does not exist: /home/e-smith/files/primary/html/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Sat Oct 6 00:52:58 2001] [error] [client 62.243.159.101] File does not exist: /home/e-smith/files/primary/html/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Sat Oct 6 00:52:58 2001] [error] [client 62.243.159.101] File does not exist: /home/e-smith/files/primary/html/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
[Sat Oct 6 00:52:59 2001] [error] [client 62.243.159.101] File does not exist: /home/e-smith/files/primary/html/scripts/..Á../winnt/system32/cmd.exe
[Sat Oct 6 00:53:00 2001] [error] [client 62.243.159.101] File does not exist: /home/e-smith/files/primary/html/scripts/..À¯../winnt/system32/cmd.exe
[Sat Oct 6 00:53:01 2001] [error] [client 62.243.159.101] File does not exist: /home/e-smith/files/primary/html/scripts/..Áo../winnt/system32/cmd.exe
[Sat Oct 6 00:53:02 2001] [error] [client 62.243.159.101] File does not exist: /home/e-smith/files/primary/html/scripts/..%5c../winnt/system32/cmd.exe
[Sat Oct 6 00:53:03 2001] [error] [client 62.243.159.101] File does not exist: /home/e-smith/files/primary/html/scripts/..%2f../winnt/system32/cmd.exe
[Sat Oct 6 01:00:10 2001] [error] mod_ssl: Cannot open SSLSessionCache DBM file `/etc/httpd/logs/ssl_scache' for writing (store) (System error follows)
[Sat Oct 6 01:00:10 2001] [error] System: Permission denied (errno: 13)


....so the question is whether I am the one who is a clown or whether there
are some people who ought to get a life !!!

/Saint_John



 
 
Michael (06-10-2001)
Comment
From : Michael


Date : 06-10-01 16:11

Hi

It looks like Nimda - it looks for root.exe, which was placed in the scripts
directory by the Code Red virus! But whether it is some fool sitting there
messing around, I don't know - but he isn't getting anything out of it, as far
as I can see.
Michael



"Saint_John" <saint_john@trustme.dk> wrote in a message
news:3bbf167e$0$42103$edfadb0f@dspool01.news.tele.dk...
> Hi group
>
> Now it's my turn to ask a dumb question.
>
> I have an SME Server V 5.0 running a website & mail.
>
> But my security log is flooded with the following
>
>
> Sat Oct 6 00:52:55 2001] [error] [client 62.243.159.101] File does not
> exist: /home/e-smith/files/primary/html/scripts/root.exe
> [Sat Oct 6 00:52:55 2001] [error] [client 62.243.159.101] File does not
> exist: /home/e-smith/files/primary/html/MSADC/root.exe
> [Sat Oct 6 00:52:56 2001] [error] [client 62.243.159.101] File does not
> exist: /home/e-smith/files/primary/html/c/winnt/system32/cmd.exe
> [Sat Oct 6 00:52:56 2001] [error] [client 62.243.159.101] File does not
> exist: /home/e-smith/files/primary/html/d/winnt/system32/cmd.exe
> [Sat Oct 6 00:52:57 2001] [error] [client 62.243.159.101] File does not
> exist:
> /home/e-smith/files/primary/html/scripts/..%5c../winnt/system32/cmd.exe
> [Sat Oct 6 00:52:58 2001] [error] [client 62.243.159.101] File does not
> exist:
>
/home/e-smith/files/primary/html/_vti_bin/..%5c../..%5c../..%5c../winnt/syst
> em32/cmd.exe
> [Sat Oct 6 00:52:58 2001] [error] [client 62.243.159.101] File does not
> exist:
>
/home/e-smith/files/primary/html/_mem_bin/..%5c../..%5c../..%5c../winnt/syst
> em32/cmd.exe
> [Sat Oct 6 00:52:58 2001] [error] [client 62.243.159.101] File does not
> exist:
>
/home/e-smith/files/primary/html/msadc/..%5c../..%5c../..%5c/..Á../..Á../.
> .Á../winnt/system32/cmd.exe
> [Sat Oct 6 00:52:59 2001] [error] [client 62.243.159.101] File does not
> exist:
> /home/e-smith/files/primary/html/scripts/..Á../winnt/system32/cmd.exe
> [Sat Oct 6 00:53:00 2001] [error] [client 62.243.159.101] File does not
> exist:
> /home/e-smith/files/primary/html/scripts/..À¯../winnt/system32/cmd.exe
> [Sat Oct 6 00:53:01 2001] [error] [client 62.243.159.101] File does not
> exist:
> /home/e-smith/files/primary/html/scripts/..Áo../winnt/system32/cmd.exe
> [Sat Oct 6 00:53:02 2001] [error] [client 62.243.159.101] File does not
> exist:
> /home/e-smith/files/primary/html/scripts/..%5c../winnt/system32/cmd.exe
> [Sat Oct 6 00:53:03 2001] [error] [client 62.243.159.101] File does not
> exist:
> /home/e-smith/files/primary/html/scripts/..%2f../winnt/system32/cmd.exe
> [Sat Oct 6 01:00:10 2001] [error] mod_ssl: Cannot open SSLSessionCache
DBM
> file `/etc/httpd/logs/ssl_scache' for writing (store) (System error
follows)
> [Sat Oct 6 01:00:10 2001] [error] System: Permission denied (errno: 13)
>
>
> ....so the question is whether I am the one who is a clown or whether there
> are some people who ought to get a life !!!
>
> /Saint_John
>
>



Michael (06-10-2001)
Comment
From : Michael


Date : 06-10-01 16:15

Hi again

Now I checked with RIPE and the answer was ->

: TDC-TELEDANMARK-BREDBAANDSADSL-NET
descr: IP addresses for ADSL users in
descr: Tele Danmark's IP backbone.
descr: Location: Albertslund
descr: Box: albnxx1

So it is probably someone who doesn't know that he/she is infected
Michael



"Saint_John" <saint_john@trustme.dk> wrote in a message
news:3bbf167e$0$42103$edfadb0f@dspool01.news.tele.dk...
> Hi group
>
> Now it's my turn to ask a dumb question.
>
> I have an SME Server V 5.0 running a website & mail.
>
> But my security log is flooded with the following
>
>
> Sat Oct 6 00:52:55 2001] [error] [client 62.243.159.101] File does not
> exist: /home/e-smith/files/primary/html/scripts/root.exe
> [Sat Oct 6 00:52:55 2001] [error] [client 62.243.159.101] File does not
> exist: /home/e-smith/files/primary/html/MSADC/root.exe
> [Sat Oct 6 00:52:56 2001] [error] [client 62.243.159.101] File does not
> exist: /home/e-smith/files/primary/html/c/winnt/system32/cmd.exe
> [Sat Oct 6 00:52:56 2001] [error] [client 62.243.159.101] File does not
> exist: /home/e-smith/files/primary/html/d/winnt/system32/cmd.exe
> [Sat Oct 6 00:52:57 2001] [error] [client 62.243.159.101] File does not
> exist:
> /home/e-smith/files/primary/html/scripts/..%5c../winnt/system32/cmd.exe
> [Sat Oct 6 00:52:58 2001] [error] [client 62.243.159.101] File does not
> exist:
>
/home/e-smith/files/primary/html/_vti_bin/..%5c../..%5c../..%5c../winnt/syst
> em32/cmd.exe
> [Sat Oct 6 00:52:58 2001] [error] [client 62.243.159.101] File does not
> exist:
>
/home/e-smith/files/primary/html/_mem_bin/..%5c../..%5c../..%5c../winnt/syst
> em32/cmd.exe
> [Sat Oct 6 00:52:58 2001] [error] [client 62.243.159.101] File does not
> exist:
>
/home/e-smith/files/primary/html/msadc/..%5c../..%5c../..%5c/..Á../..Á../.
> .Á../winnt/system32/cmd.exe
> [Sat Oct 6 00:52:59 2001] [error] [client 62.243.159.101] File does not
> exist:
> /home/e-smith/files/primary/html/scripts/..Á../winnt/system32/cmd.exe
> [Sat Oct 6 00:53:00 2001] [error] [client 62.243.159.101] File does not
> exist:
> /home/e-smith/files/primary/html/scripts/..À¯../winnt/system32/cmd.exe
> [Sat Oct 6 00:53:01 2001] [error] [client 62.243.159.101] File does not
> exist:
> /home/e-smith/files/primary/html/scripts/..Áo../winnt/system32/cmd.exe
> [Sat Oct 6 00:53:02 2001] [error] [client 62.243.159.101] File does not
> exist:
> /home/e-smith/files/primary/html/scripts/..%5c../winnt/system32/cmd.exe
> [Sat Oct 6 00:53:03 2001] [error] [client 62.243.159.101] File does not
> exist:
> /home/e-smith/files/primary/html/scripts/..%2f../winnt/system32/cmd.exe
> [Sat Oct 6 01:00:10 2001] [error] mod_ssl: Cannot open SSLSessionCache
DBM
> file `/etc/httpd/logs/ssl_scache' for writing (store) (System error
follows)
> [Sat Oct 6 01:00:10 2001] [error] System: Permission denied (errno: 13)
>
>
> ....so the question is whether I am the one who is a clown or whether there
> are some people who ought to get a life !!!
>
> /Saint_John
>
>



Saint_John (06-10-2001)
Comment
From : Saint_John


Date : 06-10-01 16:27


"Michael" <Take_no_crap@at_all.dk> wrote in message
news:9pn71a$2pjg$1@news.cybercity.dk...
> Hi again
>
> Now I checked with RIPE and the answer was ->
>
> : TDC-TELEDANMARK-BREDBAANDSADSL-NET
> descr: IP addresses for ADSL users in
> descr: Tele Danmark's IP backbone.
> descr: Location: Albertslund
> descr: Box: albnxx1
>
> So it is probably someone who doesn't know that he/she is infected
> Michael

Hi Michael

That thought didn't cross my mind. But it is clear as day that it is probably
Nimda or Code Red at work. So it's a good thing it is a Linux box

I wish everyone took their anti-virus seriously...I can see my log overflowing
with that junk...

Thanks for the help.

/Saint John



Saint_John (06-10-2001)
Comment
From : Saint_John


Date : 06-10-01 16:59


"Michael" <Take_no_crap@at_all.dk> wrote in message
news:9pn71a$2pjg$1@news.cybercity.dk...
> Hi again
>
> Now I checked with RIPE and the answer was ->
>
> : TDC-TELEDANMARK-BREDBAANDSADSL-NET
> descr: IP addresses for ADSL users in
> descr: Tele Danmark's IP backbone.
> descr: Location: Albertslund
> descr: Box: albnxx1
>
> So it is probably someone who doesn't know that he/she is infected
> Michael

Mail containing the log file sent to abuse@post.tele.dk

Now I hope they take the time to contact the customer(s)
There were 4 different IP numbers !!

/Saint John



El Diablo (07-10-2001)
Comment
From : El Diablo


Date : 07-10-01 14:41

Hi "John"

> But my security log is flooded with the following

It is Code Red, Code Red 2, and Nimda activity you have in the log ! .. It
doesn't matter much unless you have an unpatched version of IIS ! :)

On average you will be attacked 40 times an hour by that kind of activity !

.... Regards ... El
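
Added example, not part of the original thread: a small triage script that groups the kind of `File does not exist` entries quoted above by client address, which is the summary one would attach to an abuse report when several sources are involved. The sample log is constructed (documentation IP addresses), and the signature labels and function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the error_log format quoted in the thread; 192.0.2.10
# and 198.51.100.7 are documentation addresses, not real sources.
SAMPLE_LOG = """\
[Sat Oct 6 00:52:55 2001] [error] [client 192.0.2.10] File does not exist: /home/e-smith/files/primary/html/scripts/root.exe
[Sat Oct 6 00:52:56 2001] [error] [client 192.0.2.10] File does not exist: /home/e-smith/files/primary/html/c/winnt/system32/cmd.exe
[Sat Oct 6 00:52:57 2001] [error] [client 192.0.2.10] File does not exist: /home/e-smith/files/primary/html/scripts/..%5c../winnt/system32/cmd.exe
[Sat Oct 6 00:53:03 2001] [error] [client 192.0.2.10] File does not exist: /home/e-smith/files/primary/html/scripts/..%2f../winnt/system32/cmd.exe
[Sat Oct 6 00:58:40 2001] [error] [client 198.51.100.7] File does not exist: /home/e-smith/files/primary/html/MSADC/root.exe
[Sat Oct 6 00:59:12 2001] [error] [client 198.51.100.7] File does not exist: /home/e-smith/files/primary/html/favicon.ico
[Sat Oct 6 01:00:10 2001] [error] System: Permission denied (errno: 13)
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9.]+)\] "
    r"File does not exist: (?P<path>.+)$")

# Neutral labels for the request shapes seen in the quoted log.
SIGNATURES = [
    ("root.exe lookup", re.compile(r"/(scripts|msadc)/root\.exe$", re.I)),
    ("cmd.exe via dot-dot path", re.compile(r"\.\..*/winnt/system32/cmd\.exe$", re.I)),
    ("cmd.exe via /c or /d", re.compile(r"/[cd]/winnt/system32/cmd\.exe$", re.I)),
]

def classify(path):
    """Return the label of the first matching signature, or None."""
    return next((label for label, rx in SIGNATURES if rx.search(path)), None)

def summarize(log_text):
    """Group probe hits per client IP: first/last timestamp and per-label counts."""
    report = defaultdict(lambda: {"first": None, "last": None, "hits": Counter()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        label = classify(m.group("path")) if m else None
        if label is None:      # unrelated errors and ordinary 404s are skipped
            continue
        entry = report[m.group("ip")]
        entry["first"] = entry["first"] or m.group("ts")
        entry["last"] = m.group("ts")
        entry["hits"][label] += 1
    return dict(report)

if __name__ == "__main__":
    for ip, e in sorted(summarize(SAMPLE_LOG).items()):
        hits = ", ".join(f"{k} x{v}" for k, v in e["hits"].items())
        print(f"{ip}  {e['first']} .. {e['last']}  {hits}")
```
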


