Security Incidents mailing list archives
GET /proxy-test.php
From: Joe Blatz <sd_wireless () yahoo com>
Date: Sun, 26 May 2002 10:14:12 -0700 (PDT)

I spent 18 hours yesterday (including flight time) cleaning up the mess made by some hacker in the Netherlands. He was using an unpatched IIS server for his own ends. (Yes, I know this couldn't have happened without poor administration, but I am not the admin, so please don't yell at me.)

As you might expect, I am keeping a very close watch on this box, and the network on which it resides. While looking at the IIS logs I saw an odd entry and was wondering if anyone here has seen anything similar. I've searched Google and was unable to find anything that looked related.

2002-05-26 12:13:14 212.244.x.x - x.x.x.x 80 GET /proxy-test.php - 404 Mozilla/3.01+(PZ)

This could simply be a case of a mistyped IP address in a browser, but I would like to know if anyone is aware of a legitimate program or a hack that would have "proxy-test.php" residing on a webserver.