To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Kettlewell, Larry [KO] wrote: > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > > > ------------------------------------------------------------------------ > > Caught this overnight note: robots in the meta—is this a bot recon? > > > > Larry Kettlewell > > Chief Information Security Officer > > Kansas State Government > > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > 785-296-8434 > > > > HTTP connection > > Host : 200.241.179.135 (legolas.mslink.com.br) Requested document : > //cgi/stats/awstats.pl Protocol version : HTTP/1.1 Agent host info : > 165.201.76.86 Agent language : en-us Agent type : Mozilla/4.0 > (compatible; MSIE 6.0; Windows 98) Connection mode : Close Accept > encoding : gzip, deflate Accept types : > > Time : Wed May 03 22:28:32 2006 > > > > Log: > > Client connecting: 200.241.179.135 > > <---GET //cgi/stats/awstats.pl HTTP/1.1 > > <---Accept: */* > > <---Accept-Language: en-us > > <---Accept-Encoding: gzip, deflate > > <---User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) > > <---Host: 165.201.xx.xx > > <---Connection: Close > > --->HTTP/1.1 404 Object Not Found > > --->Server: Microsoft-IIS/6.0 > > --->Date: Wed May 03 22:28:32 2006 > > --->Content-Type: text/html > > --->Connection: close > > --->Content-Lenght: 233 > > ---><html><head><title>Error 404</title><meta name="robots" > > --->content="noindex"><META HTTP-EQUIV="Content-Type" > > --->CONTENT="text/html; charset=iso-8859-1"></head><body><h2>HTTP Error > > --->404</h2><p><strong>404 Not found</strong></p></body></html> > > Closing connection with 200.241.179.135 > > > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > All list and server information are public and available to law enforcement > upon request. > http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
Looks like a recon for a vulnerable awstats.pl. If successful, the next step is a rootkit. I have been down that road before. *blush* Randy -- Best Regards, Randal Vaughn Professor, Information Systems Baylor University (254) 710 4756 _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
