Security Incidents mailing list archives
RE: Turnitinbot exploits webserver vulnerabilities?
From: "Keith T. Morgan" <keith.morgan () terradon com>
Date: Fri, 21 May 2004 12:43:06 -0400
<snip>
I believe turnitin.com is a legitimate service - it might be worthwhile to notify them that their crawler is possibly being abused. Apparently turnitin.com's crawler might not have checks to prevent these scans.
<snip> I didn't think about the possibility that someone's exploiting their service. Based on their claims, they spider the web for plagarism, presumably in academic papers. It's highly possible that someone's cracked it and has turned it into a sploitbot by saying "search the web for a paper containing ....cmd.exe?..... I did contact them last week about it. I sent a message very similar to the original one posted here, to every published email address on their site. I received an automated response from one of them. It probably replied to me and then copied the message to /dev/null. I guess I could be a good netizen and pick up the phone... ************************************************************************************************** The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies. ** this message has been scanned for viruses, vandals and malicious content ** ************************************************************************************************** --------------------------------------------------------------------------- Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership. Download your free trial at http://www.securityfocus.com/sponsor/Astaro_incidents_040517 ----------------------------------------------------------------------------
Current thread:
- Turnitinbot exploits webserver vulnerabilities? Keith T. Morgan (May 20)
- RE: Turnitinbot exploits webserver vulnerabilities? Rob Shein (May 21)
- Re: Turnitinbot exploits webserver vulnerabilities? Patrick Kremer (May 21)
- RE: Turnitinbot exploits webserver vulnerabilities? James C Slora Jr (May 25)
- Re: Turnitinbot exploits webserver vulnerabilities? Patrick Kremer (May 21)
- Re: Turnitinbot exploits webserver vulnerabilities? James C. Slora Jr. (May 21)
- Re: Turnitinbot exploits webserver vulnerabilities? Lanny Trager (May 21)
- <Possible follow-ups>
- RE: Turnitinbot exploits webserver vulnerabilities? Keith T. Morgan (May 21)
- RE: Turnitinbot exploits webserver vulnerabilities? Rob Shein (May 21)