I spent 18 hours yesterday (including flight time) cleaning up the mess made by some hacker in the Netherlands. He was using an unpatched IIS server for his own ends. (yes, i know this couldn't have happened without poor administration, but i am not the admin so please don't yell at me) As you might expect, I am keeping a very close watch on this box, and the network on which it resides. While looking at the IIS logs I saw an odd entry and was wondering if anyone here has seen anything similar. I've searched Google and was unable to find anything that looked related. 2002-05-26 12:13:14 212.244.x.x - x.x.x.x 80 GET /proxy-test.php - 404 Mozilla/3.01+(PZ) This could simply be a case of a mis-typed IP address in a browser, but I would like to know if anyone is aware of a legitimate program or a hack that would have "proxy-test.php" residing on a webserver. __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 18:08:25 PDT