According to a thread at http://www.webmasterworld.com/forum39/2173.htm its the IIS WebDAV exploit: http://edgeos.com/threats/details.php?id=11413 http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx I normally run portsentry. It catches alot of scans coming across the net. Mike. On Fri, 2004-08-13 at 18:00, Michael Mansour wrote: > Hi, > > I'm using Logwatch 5.2.2 and in email today it emailed > me the following: > > --------------------- httpd Begin > ------------------------ > > A total of 4 sites probed the server > 203.218.141.123 > 203.206.246.90 > 203.218.200.154 > > !!!! 3 possible successful probes > /css/phpmyadmin.css.php?js_frame=left&num_dbs=0 HTTP > Response 200 > > /css/phpmyadmin.css.php?lang=en-iso-8859-1&js_frame=right > HTTP Response 200 > > /css/phpmyadmin.css.php?lang=en-iso-8859-1&js_frame=left&num_dbs=0 > HTTP Response 200 > > ---------------------- httpd End > ------------------------- > > What does this mean exactly? > > In my /var/log/httpd/access.log I see the following > for 203.218.141.123: > > 203.218.141.123 - - [13/Aug/2004:21:43:40 +1000] > "SEARCH > /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0 > 2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0 > > which goes on for a couple of pages. I think the above > is from a virus on their systems, but the probing > stuff concerns me. > > I'm running phpMyAdmin 2.5.7-pl1, the latest stable. > > Thanks. > > Michael. > > Michael. > > Find local movie times and trailers on Yahoo! Movies. > http://au.movies.yahoo.com >
