Security Incidents mailing list archives
CGI scans from Strauss.udel.edu -- They're back
From: jose () BIOCSERVER BIOC CWRU EDU (Jose Nazario)
Date: Sat, 15 Apr 2000 00:45:34 -0400
Hi all, Last month I reported some campus wide probes by the machine strauss.udel.edu to our domain (cwru.edu), and many other domains turned up as being hit. A few messages back and forth and things were, we hoped, cleared up. It looks like their problem has returned. This is from my logs the other day:
From a web server:
strauss.udel.edu - - [13/Apr/2000:00:24:43 -0400] "GET /cgi-bin/counter/nl/ord/lang=english(1);system("$ENV{HTTP_X}"); HTTP/1.0" 404 256
From a workstation:
[13/Apr/1999:00:15:11] config: for host strauss.udel.edu trying to GET /c gi-bin/counter/nl/ord/lang=english(1);system("$ENV{HTTP_X}");, check-acl reports: ACL name httpd-nameserver-WRITE not defined A memo was sent on Thursday, but no response has yet been received. I know at least one other site admin has contacted me with the same scan, so it will most likely be widespread. I'd like to know what function strauss.udel.edu servrs. Is it a general udel.edu campus web proxy? By cutting it off at the border will I cut off every legitimate user, too, from udel.edu? Thanks, jose nazario jose () biochemistry cwru edu PGP fingerprint: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc
Current thread:
- CGI scans from Strauss.udel.edu -- They're back Jose Nazario (Apr 14)
- Re: CGI scans from Strauss.udel.edu -- They're back Tom Perrine (Apr 15)
- Re: CGI scans from Strauss.udel.edu -- They're back Matthew S. Hallacy (Apr 16)
- Re: CGI scans from Strauss.udel.edu -- They're back Omachonu Ogali (Apr 18)
- Rapid Web page harvesting, probably by marketing firm Brett Glass (Apr 18)
- Frontpage Exploits Keith McCammon (Apr 19)
- Re: CGI scans from Strauss.udel.edu -- They're back Elliot L. Tobin (Apr 17)
- Re: CGI scans from Strauss.udel.edu -- They're back Dragos Ruiu (Apr 17)
- Re: CGI scans from Strauss.udel.edu -- They're back Ryan Russell (Apr 18)
- Re: CGI scans from Strauss.udel.edu -- They're back Bryan Seitz (Apr 19)
- Re: CGI scans from Strauss.udel.edu -- They're back Marcelo Magnasco (Apr 18)
(Thread continues...)