Security Incidents mailing list archives
ACB8DE69.ipt.aol.com scans
From: "Dino" <slayer67 () apk net>
Date: Sat, 28 Jul 2001 08:48:51 -0400
I was checking logs this week on the web server and noticed that I got alot of hits on July 24. Only thing this probed caused was adding over 400 hundred lines to the logs. (I run Apache on Linux) Well they were probes/scans from: Name: ACB8DE69.ipt.aol.com Address: 172.184.222.105 Looks like an automatted Web Scan Prober ;) ** I have attached all the logs for this IP to keep the email short ** Tue Jul 24 10:14:58 2001] [error] [client 172.184.222.105] script not found or unable to stat: /web_dir/cgi-bin/bb-hist.sh [Tue Jul 24 10:14:59 2001] [error] [client 172.184.222.105] File does not exist: /web_dir/_vti_bin/shtml.dll [Tue Jul 24 10:14:59 2001] [error] [client 172.184.222.105] File does not exist: /web_dir/_vti_bin/shtml.exe [Tue Jul 24 10:15:00 2001] [error] [client 172.184.222.105] File does not exist: /web_dir/admin/includes/ [Tue Jul 24 10:15:02 2001] [error] [client 172.184.222.105] File does not exist: /web_dir/_vti_inf.html [Tue Jul 24 10:15:02 2001] [error] [client 172.184.222.105] File does not exist: /web_dir/_vti_pvt/administrators.pwd [Tue Jul 24 10:15:03 2001] [error] [client 172.184.222.105] File does not exist: /web_dir/_vti_pvt/authors.pwd and so on and on and on ... See attachement for more. ------------------------------------------ Dino ------------------------------------------
Attachment:
log.txt
Description:
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- ACB8DE69.ipt.aol.com scans Dino (Jul 29)