looks like script kiddie tried to get me

Wed, 17 Nov 2004 00:25:18 -0800 

bsd 4.9, apache 1.3

my postnuke started emailing me with hack attempts. i look at my log and find about a half a meg of where it looks like a script kiddie tried to poke in the dark at this site. the hits are WAY too close together to be manual, here is a snip from the log

24.54.157.86 - - [17/Nov/2004:01:00:29 -0500] "GET /etc/ HTTP/1.1" 404 288 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
24.54.157.86 - - [17/Nov/2004:01:00:29 -0500] "GET /example/ HTTP/1.1" 404 292 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
24.54.157.86 - - [17/Nov/2004:01:00:30 -0500] "GET /examples/ HTTP/1.1" 404 293 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
24.54.157.86 - - [17/Nov/2004:01:00:30 -0500] "GET /exc/ HTTP/1.1" 404 288 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
24.54.157.86 - - [17/Nov/2004:01:00:30 -0500] "GET /excel/ HTTP/1.1" 404 290 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
24.54.157.86 - - [17/Nov/2004:01:00:30 -0500] "GET /exchange/ HTTP/1.1" 404 293 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
24.54.157.86 - - [17/Nov/2004:01:00:30 -0500] "GET /exe/ HTTP/1.1" 404 288 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
24.54.157.86 - - [17/Nov/2004:01:00:31 -0500] "GET /exec/ HTTP/1.1" 404 289 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
24.54.157.86 - - [17/Nov/2004:01:00:31 -0500] "GET /export/ HTTP/1.1" 404 291 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
24.54.157.86 - - [17/Nov/2004:01:00:31 -0500] "GET /external/ HTTP/1.1" 404 293 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
24.54.157.86 - - [17/Nov/2004:01:00:31 -0500] "GET /f/ HTTP/1.1" 404 286 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
24.54.157.86 - - [17/Nov/2004:01:00:31 -0500] "GET /fbsd/ HTTP/1.1" 404 289 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
24.54.157.86 - - [17/Nov/2004:01:00:31 -0500] "GET /fcgi-bin/ HTTP/1.1" 404 293 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
24.54.157.86 - - [17/Nov/2004:01:00:31 -0500] "GET /file/ HTTP/1.1" 404 289 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
24.54.157.86 - - [17/Nov/2004:01:00:32 -0500] "GET /filemanager/ HTTP/1.1" 404 296 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
24.54.157.86 - - [17/Nov/2004:01:00:32 -0500] "GET /files/ HTTP/1.1" 404 290 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
24.54.157.86 - - [17/Nov/2004:01:00:32 -0500] "GET /foldoc/ HTTP/1.1" 404 291 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
24.54.157.86 - - [17/Nov/2004:01:00:32 -0500] "GET /form/ HTTP/1.1" 404 289 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"

anyone have any ideas what tool they would have used to do this. none of my other logs show any access so he/she just tried to hit the web app. we are probably going to end up calling the police when my boss wakes up, but i want to get your opinions too.
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to