July 14, 2003

Already being hacked? or attempts to hack the box

I was checking the server logs yesterday and I found some failed attempts for a certain IP address trying to compromise this webserver.

If you have done your homework, the hack is an attempt to gain admin priviledges on a web server by exploiting a flaw in the FrontPage Extensions and IIS.

FrontPage Extensions???? I haven't used that stuff since 1998.
IIS???? This is not a Microsoft Web Server.

Well, come to find out that this is really just the old school 2001, Nimda Virus, still looking for web servers to attack.
It's searching for _vti_bin/owssvr.dll and /Msoffice/ cltreq.asp in particular

Here is some info that I found helpful @ TruSecure.com .

Update: 01/15/2005The above link to TruSecure has changed: TruSecure Alert - TSA-01-024

Posted by akvalley at July 14, 2003 06:43 AM | TrackBack
Comments

The TruSecure.com page mentioned in the posting has been moved … pity as I would have liked to read it.
R

Posted by: Roger Cornwell at January 14, 2005 08:38 AM

the link doesnt work.. is there another source to read about cltreq.asp

Joe
@ www.tech-centric.net

Posted by: tech jobs at January 15, 2005 03:53 PM
Post a comment









On-topic comments, complaints, and criticisms are welcome, but off-topic or inappropriate comments will be deleted without notice to the commentor. If you include your URL below it will be linked (and subsequently indexed by Google and the like...possibly).

Since ALL of the message text is displayed online, please maintain your personal privacy by not posting personal information.

Remember personal info?






Please enter the code as seen in the image above to post your comment.