Hi, my apache web server is moaning about one local client (my son's)
trying to access non-existent pages, in a pattern that looks as though
W*Ws malware is present there. My son claims to have done a full avast
scan with nothing showing up. and disclaims knowledge of anything
unusual on his machine.
His machine has also tried to access my internet modem/router; it
shouldn't even be aware of the existence of that, as he's on a separate
network arm from that router, tucked behind a freebsd router/server box.
It's happened twice today, same set of URLs being logged. My quick fix
is to pull the plug on him; but if anyone could recognise the URLs
involved, it might help a more sociable resolution :-)
They are (alpha order)
/cgi-bin/a2/out.cgi
/cgi-bin/ajaxmail
/cgi-bin/arr/index.shtml
/cgi-bin/at3/out.cgi
/cgi-bin/atc/out.cgi
/cgi-bin/atx/out.cgi
/cgi-bin/auth
/cgi-bin/bbs/
postlist.pl
/cgi-bin/bbs/
postshow.pl
/cgi-bin/bp_revision.cgi
/cgi-bin/br5.cgi
/cgi-bin/click.cgi
/cgi-bin/clicks.cgi
/cgi-bin/crtr/out.cgi
/cgi-bin/fg.cgi
/cgi-bin/findweather/getForecast
/cgi-bin/findweather/hdfForecast
/cgi-bin/frame_html
/cgi-bin/getattach
/cgi-bin/hotspotlogin.cgi
/cgi-bin/hslogin.cgi
/cgi-bin/ib/
301_start.pl
/cgi-bin/index
/cgi-bin/index.cgi
/cgi-bin/krcgi
/cgi-bin/krcgistart
/cgi-bin/link
/cgi-bin/login
/cgi-bin/login.cgi
/cgi-bin/logout
/cgi-bin/mainmenu.cgi
/cgi-bin/mainsrch
/cgi-bin/msglist
/cgi-bin/navega
/cgi-bin/openwebmail/
openwebmail-main.pl
/cgi-bin/out.cgi
/cgi-bin/passremind
/cgi-bin/rbaccess/rbcgi3m01
/cgi-bin/rbaccess/rbunxcgi
/cgi-bin/readmsg
/cgi-bin/
rshop.pl
/cgi-bin/search.cgi
/cgi-bin/spcnweb
/cgi-bin/sse.dll
/cgi-bin/start
/cgi-bin/te/o.cgi
/cgi-bin/tjcgi1
/cgi-bin/top/out
/cgi-bin/traffic/process.fcgi
/cgi-bin/verify.cgi
/cgi-bin/webproc
/cgi-bin/webscr
/cgi-bin/
wingame.pl
/das/cgi-bin/session.cgi
/fcgi-bin/dispatch.fcgi
/fcgi-bin/performance.fcgi
/redir/cgi-bin/ajaxmail
/rom-0
Thanks in advance for any pointers.
--
Mike Scott (unet2 <at> [deletethis]
scottsonline.org.uk)
Harlow Essex England