[Cialug] Linux/Lupper.worm
Paul Gray
gray at cs.uni.edu
Tue Nov 8 12:14:15 CST 2005
On Tue, Nov 08, 2005 at 10:41:13AM -0600, David Champion wrote:
> Check this out...
>
> http://vil.nai.com/vil/content/v_136821.htm
>
> I've noticed some scans on one of my servers, looking for awstats (which
> I don't have installed), but nothing indicating an intrusion.
My server's are being hit too.....
[03/Nov/2005:13:22:29 -0600]
[bccd.cs.uni.edu/sid#80b210c][rid#80a4aec][/cgi-bin/awstats.pl] Access denied
with code 500. Pattern match "^$" at HEADER(USER-AGENT)
[03/Nov/2005:13:22:30 -0600]
[bccd.cs.uni.edu/sid#80b210c][rid#80a4aec][/awstats/awstats.pl] Access denied
with code 500. Pattern match "^$" at HEADER(USER-AGENT)
[03/Nov/2005:13:22:31 -0600]
[bccd.cs.uni.edu/sid#80b210c][rid#80a4aec][/cgi-bin/awstats/awstats.pl] Access
denied with code 500. Pattern match "^$" at HEADER(USER-AGENT)
[03/Nov/2005:13:22:32 -0600]
[bccd.cs.uni.edu/sid#80b210c][rid#80a4aec][/cgi/awstats/awstats.pl] Access
denied with code 500. Pattern match "^$" at HEADER(USER-AGENT)
[03/Nov/2005:13:22:33 -0600]
[bccd.cs.uni.edu/sid#80b210c][rid#80a4aec][/scripts/awstats.pl] Access denied
with code 500. Pattern match "^$" at HEADER(USER-AGENT)
Although I don't have awstats installed, it's good to see mod_security
thwarting the requests.
--
Paul Gray -o)
323 Wright Hall /\\
University of Northern Iowa _\_V
Message void if penguin violated ... Don't mess with the penguin
No one says, "Hey, I can't read that ASCII attachment ya sent me."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://cialug.org/pipermail/cialug/attachments/20051108/ae86428c/attachment.pgp
More information about the Cialug
mailing list