[Cialug] Linux/Lupper.worm

Dave J. Hala Jr. dave at 58ghz.net
Tue Nov 8 12:20:31 CST 2005


I've got some attempts dating back to Oct 12th...

On Tue, 2005-11-08 at 12:14, Paul Gray wrote:
> On Tue, Nov 08, 2005 at 10:41:13AM -0600, David Champion wrote:
> > Check this out...
> > 
> > http://vil.nai.com/vil/content/v_136821.htm
> > 
> > I've noticed some scans on one of my servers, looking for awstats (which 
> > I don't have installed), but nothing indicating an intrusion.
> 
> My server's are being hit too.....
> 
> [03/Nov/2005:13:22:29 -0600]
> [bccd.cs.uni.edu/sid#80b210c][rid#80a4aec][/cgi-bin/awstats.pl] Access denied
> with code 500. Pattern match "^$" at HEADER(USER-AGENT)
> [03/Nov/2005:13:22:30 -0600]
> [bccd.cs.uni.edu/sid#80b210c][rid#80a4aec][/awstats/awstats.pl] Access denied
> with code 500. Pattern match "^$" at HEADER(USER-AGENT)
> [03/Nov/2005:13:22:31 -0600]
> [bccd.cs.uni.edu/sid#80b210c][rid#80a4aec][/cgi-bin/awstats/awstats.pl] Access
> denied with code 500. Pattern match "^$" at HEADER(USER-AGENT)
> [03/Nov/2005:13:22:32 -0600]
> [bccd.cs.uni.edu/sid#80b210c][rid#80a4aec][/cgi/awstats/awstats.pl] Access
> denied with code 500. Pattern match "^$" at HEADER(USER-AGENT)
> [03/Nov/2005:13:22:33 -0600]
> [bccd.cs.uni.edu/sid#80b210c][rid#80a4aec][/scripts/awstats.pl] Access denied
> with code 500. Pattern match "^$" at HEADER(USER-AGENT)
> 
> Although I don't have awstats installed, it's good to see mod_security
> thwarting the requests.
-- 

Open Source Information Systems, Inc. (OSIS)
Dave J. Hala Jr., President <dave at osis.us>
641.485.1606



More information about the Cialug mailing list