The only trend in the addresses these attempts are coming from is that,
in general, they're from the same subnet, or otherwise fairly close. I
suspect it's other Comcast customers searching nearby IP addresses for
openings. It really doesn't bother me.

As far as "having fun" goes, I was hoping that I could redirect that
request to a porn site or something, inflicting endless pop-ups on the
offending end, but didn't really think that would work since it's
unlikely there's a browser on their end.

Since someone mentioned it, besides PTF issues, where would I find a
list of items to check to ensure I don't have any Apache
vulnerabilities?

Z

> -----Original Message-----
> From: Eyers, Daniel [mailto:daniel.eyers@xxxxxxxxxxxxx]
> Sent: Friday, February 28, 2003 8:51 AM
> To: 'Web Enabling the AS400 / iSeries'
> Subject: [WEB400] Re: Revenge?
> 
> 
> Is the traffic coming from the same source IP???  perhaps 
> some firewall rules may be in order...
> 
> Does the 400 have anything like the hosts.deny file in Linux?  
> 
> dan
> 
> 
> -----Original Message-----
> From: Jim Franz [mailto:franz400@xxxxxxxxxxxx]
> Sent: Thursday, February 27, 2003 2:42 PM
> To: Web Enabling the AS400 / iSeries
> Subject: [WEB400] Re: Revenge?
> 
> 
> if you re-direct back to the sender, and the sender has no knowledge
> of these (like smtp-relay) you will be seen as "attacking" 
> their server.
> Some would say this is ok, but if lawyers & law enforcement get
> involved.....?
> No hacker (except the truly stupi# (unaware)) ever send an attack from
> their own pc.
> and btw - make sure you have no known Apache vulnerabilities 
> unpatched..
> imho
> jim
> 
> ----- Original Message -----
> From: "Metz, Zak" <Zak_Metz@xxxxxx>
> To: "Web Enabling the AS400 / iSeries" <web400@xxxxxxxxxxxx>
> Sent: Thursday, February 27, 2003 2:13 PM
> Subject: [WEB400] Revenge?
> 
> 
> > Every couple minutes in the Apache log...
> >
> > /WWW/Distortion/htdocs/scripts/root.exe
> > /WWW/Distortion/htdocs/MSADC/root.exe
> > /WWW/Distortion/htdocs/c/winnt/system32/cmd.exe
> > /WWW/Distortion/htdocs/d/winnt/system32/cmd.exe
> > /WWW/Distortion/htdocs/scripts/..
> > /WWW/Distortion/htdocs/scripts/..A?../winnt/system32/cmd.exe
> > /WWW/Distortion/htdocs/scripts/..A ../winnt/system32/cmd.exe
> > /WWW/Distortion/htdocs/scripts/..
> >
> > Is there any fun to be had redirecting these hack attempts?
NOTICE: This E-mail may contain confidential information. If you are not
the addressee or the intended recipient please do not read this E-mail
and please immediately delete this e-mail message and any attachments
from your workstation or network mail system. If you are the addressee
or the intended recipient and you save or print a copy of this E-mail,
please place it in an appropriate file, depending on whether
confidential information is contained in the message.


As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.