This is the great and mighty Code Red II virus in action... And the answer
to your question in this case is no. I am sure there is some backdoor that
has yet to be discovered, but this isn't it...
At one point around the beginning of August, our servers were getting hit by
2-3 of those a second...
Shawn
----- Original Message -----
From: "Gisle Askestad" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 24, 2001 5:03 AM
Subject: Active Perl vulnerable to hacker attempt?
>
> Hello group
>
> I'm running Apache 1.3.20 and ActivePerl-5.6.0.616 and ActivePerl-5.6.0.628 (command line).
> I frequently get request like this:
>
> Server Access Log:
> 195.173.20.3 - - [22/Aug/2001:19:08:12 +0200] "GET /default.ida?
>
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%
>
u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u909
0%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%
> u0000%u00=a HTTP/1.0" 200 706
>
> I'm not sure whether this is a hacker attempt or not, to be honest, I'm not sure what this is at all.
> My question is whether something like this can activate Perl command line and in any way access scripts on the server?
>
> Regards
>
> G. Askestad
> [EMAIL PROTECTED]
>
> _______________________________________________
> ActivePerl mailing list
> [EMAIL PROTECTED]
> http://listserv.ActiveState.com/mailman/listinfo/activeperl
>
>
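
An added example, not part of the original thread: a small Python triage script that picks requests shaped like the one quoted above out of an Apache access log and reports sources, response codes and the peak per-second rate. The sample log lines, the client addresses and the function names are constructed for illustration; the filler length of 224 is an arbitrary sample value.

```python
import re
from collections import Counter
from datetime import datetime

# Apache common log format: host ident user [time] "method target proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)(?: \S+)?" (\d{3}) \S+')
# /default.ida? + a run of 100 or more identical filler characters + %uXXXX words
PROBE_RE = re.compile(r'^/default\.ida\?((.)\2{99,})((?:%u[0-9a-f]{4})+)', re.I)

def parse(line):
    """Return details of a matching probe request, or None for any other line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    host, stamp, _method, target, status = m.groups()
    p = PROBE_RE.match(target)
    if not p:
        return None
    return {
        "host": host,
        "when": datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"),
        "status": int(status),
        "filler": p.group(2),
        "filler_len": len(p.group(1)),
        "u_words": len(p.group(3)) // 6,   # each %uXXXX token is 6 characters
    }

def summarize(lines):
    """Tally probes by source and status, and find the busiest single second."""
    hits = [h for h in map(parse, lines) if h]
    per_second = Counter(h["when"] for h in hits)
    return {
        "hits": len(hits),
        "sources": Counter(h["host"] for h in hits),
        "statuses": Counter(h["status"] for h in hits),
        "peak_per_second": max(per_second.values(), default=0),
    }

# Constructed sample: filler run plus the first four %u words from the quoted log.
PROBE = "/default.ida?" + "X" * 224 + "%u9090%u6858%ucbd3%u7801" + "%u00=a"
SAMPLE = [
    f'192.0.2.10 - - [22/Aug/2001:19:08:12 +0200] "GET {PROBE} HTTP/1.0" 200 706',
    f'192.0.2.10 - - [22/Aug/2001:19:08:12 +0200] "GET {PROBE} HTTP/1.0" 200 706',
    f'198.51.100.7 - - [22/Aug/2001:19:08:13 +0200] "GET {PROBE} HTTP/1.0" 404 290',
    '203.0.113.5 - - [22/Aug/2001:19:08:14 +0200] "GET /index.html HTTP/1.0" 200 1043',
    '203.0.113.5 - - [22/Aug/2001:19:08:15 +0200] "GET /default.ida?page=2 HTTP/1.0" 404 290',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
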