[imp] Apache errors regarding IMP
Jan Schneider
jan@horde.org
Mon Oct 21 11:00:11 2002
Zitat von Chuck Hagenbuch <chuck@horde.org>:
> Quoting Jan Schneider <jan@horde.org>:
>
> > And to be more specific: It's a virus probably contained in a mail
> > attachment you opened with imp.
> >
> > > > 202.64.220.x - - [20/Oct/2002:21:16:28 +0800] "GET
> > >
> > /horde/imp/view.php?
> thismailbox=INBOX&index=1941&id=2&actionID=113&mime=9d1caf7ffd290b8e7ebeecde
> d7496350
> > > HTTP/1.1" 200 5894947
> > > > 202.64.220.x - - [20/Oct/2002:21:17:09 +0800] "GET
> > > /scripts/root.exe?/c+dir HTTP/1.1" 404 295
>
> I doubt it. These requests are separated by half a minute, and the virus
> isn't one propogated by attachments; it's a web server/service scan
> thing.
> Don't remember the name right now.
Oh yes, I didn't look that close to the timestamp and rather guessed from
the fact that both request came (probably) from the same ip.
"Virus" may not be very specific, "worm" would have been more exact. And
yes, it may also be a script kiddy's scanning tool.
Jan.
--
http://www.horde.org - The Horde Project
http://www.ammma.de - discover your knowledge
http://www.tip4all.de - Deine private Tippgemeinschaft