[imp] Apache errors regarding IMP

Jan Schneider jan@horde.org
Mon Oct 21 11:00:11 2002


Quoting Chuck Hagenbuch <chuck@horde.org>:

> Quoting Jan Schneider <jan@horde.org>:
> 
> > And to be more specific: It's a virus probably contained in a mail
> > attachment you opened with imp.
> >
> > > > 202.64.220.x - - [20/Oct/2002:21:16:28 +0800] "GET
> > >
> > /horde/imp/view.php?
> thismailbox=INBOX&index=1941&id=2&actionID=113&mime=9d1caf7ffd290b8e7ebeecde
> d7496350
> > > HTTP/1.1" 200 5894947
> > > > 202.64.220.x - - [20/Oct/2002:21:17:09 +0800] "GET
> > > /scripts/root.exe?/c+dir HTTP/1.1" 404 295
> 
> I doubt it. These requests are separated by half a minute, and the virus
> isn't one propagated by attachments; it's a web server/service scan
> thing.
> Don't remember the name right now.

Oh yes, I didn't look that closely at the timestamp and rather guessed from
the fact that both requests came (probably) from the same IP.
"Virus" may not be very specific, "worm" would have been more exact. And
yes, it may also be a script kiddie's scanning tool.

Jan.

--
http://www.horde.org - The Horde Project
http://www.ammma.de - discover your knowledge
http://www.tip4all.de - Your private betting pool
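
An added example, not part of the original message or of Horde/IMP: a small Python check that flags the `/scripts/root.exe` probe in an Apache access log and reports how long after the same client's previous request it arrived, which is the timing question raised in the thread. The sample log lines are constructed from the two quoted requests; the client addresses and the `mime` value are placeholders, and `find_probes` is a hypothetical helper name.

```python
import re
from datetime import datetime

# Constructed sample in Apache common log format, modelled on the two requests
# quoted in the thread. Addresses and the mime id are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Oct/2002:21:16:28 +0800] "GET /horde/imp/view.php?thismailbox=INBOX&index=1941&id=2&actionID=113&mime=PLACEHOLDER HTTP/1.1" 200 5894947
192.0.2.10 - - [20/Oct/2002:21:17:09 +0800] "GET /scripts/root.exe?/c+dir HTTP/1.1" 404 295
198.51.100.7 - - [20/Oct/2002:21:18:00 +0800] "GET /horde/imp/mailbox.php HTTP/1.1" 200 1024
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Probe paths to flag. Only the path seen in the thread is listed; extend as needed.
PROBE_RE = re.compile(r"^/scripts/root\.exe(\?|$)", re.IGNORECASE)


def find_probes(log_text):
    """Return one dict per probe request, including the gap in seconds since
    the same client's previous request (None if it had none)."""
    last_seen = {}  # ip -> (timestamp, url) of that client's previous request
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or wrapped lines rather than guess
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if PROBE_RE.match(m["url"]):
            prev = last_seen.get(m["ip"])
            hits.append({
                "ip": m["ip"],
                "url": m["url"],
                "status": int(m["status"]),  # 404 means the path does not exist here
                "gap_seconds": (ts - prev[0]).total_seconds() if prev else None,
                "previous_url": prev[1] if prev else None,
            })
        last_seen[m["ip"]] = (ts, m["url"])
    return hits


if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

A shared source address and a short gap only show that the two requests came from the same client; they do not by themselves show that the first request caused the second.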