[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Hacking my Raq4i???

Subject: Re: [cobalt-security] Hacking my Raq4i???
From: "Stephen Rice" <support@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 6 Aug 2001 19:50:00 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> This is a piece of my last downloaded log-file from my Raq4i, I have
several
> websites and I've already installed all the patches Cobalt released.
> I am concerned about the following activity logfile display every few
> minutes in several websites. I'm afraid it looks like a systematic attempt
> to break into the server.
It is! It's the Code Red worm or a derivative. However this only affects
Microsoft IIS, and not the Linux/Apache that Raqs use. You're safe to sit
back and watch this one happen. We ourselves have logged about 100 of these
requests over the past 6 days.

If you get bored, you could notify the people running these IP addresses
that there's most likely an executable been installed on their website that
allows anyone root-level access to their webserver!

> I've only copied a sample to minimize email size.
That's quite enough, thankyou :o)

Hope this helps
Stephen

References:
- [cobalt-security] Hacking my Raq4i???
  - From: Rodrigo Velasco

Prev by Date: RE: [cobalt-security] Hacking my Raq4i???
Next by Date: RE: [cobalt-security] Hacking my Raq4i???
Previous by thread: Re: [cobalt-security] Hacking my Raq4i???
Next by thread: RE: [cobalt-security] Hacking my Raq4i???

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index