From: Digest <deadmail>
To: "OS/2GenAu Digest"<deadmail>
Date: Fri, 8 Nov 2002 00:02:01 EST-10EDT,10,-1,0,7200,3,-1,0,7200,3600
Subject: [os2genau_digest] No. 485
Reply-To: <deadmail>
X-List-Unsubscribe: www.os2site.com/list/

**************************************************
Thursday 07 November 2002
 Number  485
**************************************************

Subjects for today
 
1  Re: [os2genau] Flatbed scanner, parallelport. : Kenneth Bucio <kenneth.bucio at ddf.dk>
2  Re: [os2genau] Flatbed scanner, parallelport. : Kenneth Bucio <kenneth.bucio at ddf.dk>
3  [os2genau] Apache log : brianb at kdfisher dot com dot au
4  Re: [os2genau] Apache log : "Ian Manners" <deadmail>
5  Re: [os2genau] Apache log : brianb at kdfisher dot com dot au
6  [os2genau] Ian Manners Off List discussion : brianb at kdfisher dot com dot au
7  Re: [os2genau] Apache log : "Chris Graham [WarpSpeed]" <chrisg at warpspeed dot com dot au>
8  Re: [os2genau] Apache log : "Ian Manners" <deadmail>
9  Re: [os2genau] Flatbed scanner, parallelport. : "Alan Duval" <amoht at ozemail dot com dot au>

**= Email   1 ==========================**

Date:  Wed, 06 Nov 2002 20:51:23 +0100
From:  Kenneth Bucio <kenneth.bucio at ddf.dk>
Subject:  Re: [os2genau] Flatbed scanner, parallelport.

Hi.

Thank you for your proposals.
Now I have something to try.

rgds. Kenneth Bucio


----------------------------------------------------------------------------------
 

**= Email   2 ==========================**

Date:  Wed, 06 Nov 2002 23:12:22 +0100
From:  Kenneth Bucio <kenneth.bucio at ddf.dk>
Subject:  Re: [os2genau] Flatbed scanner, parallelport.

That is correct.
Kenneth Bucio

Ed Durrant wrote:

>Hi Brian
>
>............................his scanner is a parallel port model
>not a SCSI one.
>
>Ed.
>  
>

----------------------------------------------------------------------------------
 

**= Email   3 ==========================**

Date:  Thu, 7 Nov 2002 12:12:00 +0930
From:  brianb at kdfisher dot com dot au
Subject:  [os2genau] Apache log

Hi all,
I have found a set of entries in the Apache logs that I need
explaining.
It seems somebody is trying to break in to the system but
I am unable to figure out just what they are up to.
They seem to think they are on an NT machine not
an OS/2 machine.

I would appreciate any advice!

The relevant entries follow.

Access Log
==========
202.98.249.147 - - [05/Nov/2002:14:36:52 +0000] "GET
/scripts/root.exe?/c+dir HTTP/1.0" 404 286
202.98.249.147 - - [05/Nov/2002:14:36:54 +0000] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 284
202.98.249.147 - - [05/Nov/2002:14:36:59 +0000] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 294
202.98.249.147 - - [05/Nov/2002:14:37:03 +0000] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 294
202.98.249.147 - - [05/Nov/2002:14:37:05 +0000] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
202.98.249.147 - - [05/Nov/2002:14:37:16 +0000] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 325
202.98.249.147 - - [05/Nov/2002:14:37:17 +0000] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 325
202.98.249.147 - - [05/Nov/2002:14:37:19 +0000] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 341
202.98.249.147 - - [05/Nov/2002:14:37:24 +0000] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307
202.98.249.147 - - [05/Nov/2002:14:37:26 +0000] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307
202.98.249.147 - - [05/Nov/2002:14:37:27 +0000] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307
202.98.249.147 - - [05/Nov/2002:14:37:29 +0000] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307
202.98.249.147 - - [05/Nov/2002:14:37:31 +0000] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 291
202.98.249.147 - - [05/Nov/2002:14:37:32 +0000] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 291
202.98.249.147 - - [05/Nov/2002:14:37:34 +0000] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
202.98.249.147 - - [05/Nov/2002:14:37:36 +0000] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308

211.161.25.98 - - [06/Nov/2002:08:22:19 +0000] "GET
http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297
211.161.25.98 - - [06/Nov/2002:08:22:22 +0000] "GET
http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297
211.161.25.98 - - [06/Nov/2002:08:22:43 +0000] "GET
http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297
211.161.25.98 - - [06/Nov/2002:08:23:31 +0000] "GET
http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297
211.161.25.98 - - [06/Nov/2002:08:24:35 +0000] "GET
http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297
211.161.25.98 - - [06/Nov/2002:08:25:40 +0000] "GET
http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297
211.161.25.98 - - [06/Nov/2002:08:26:43 +0000] "GET
http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297
211.161.25.98 - - [06/Nov/2002:08:27:47 +0000] "GET
http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297
211.161.25.98 - - [06/Nov/2002:08:28:51 +0000] "GET
http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297
211.161.25.98 - - [06/Nov/2002:08:29:55 +0000] "GET
http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297
211.161.25.98 - - [06/Nov/2002:08:30:59 +0000] "GET
http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297
211.161.25.98 - - [06/Nov/2002:08:32:03 +0000] "GET
http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297
211.161.25.98 - - [06/Nov/2002:08:33:07 +0000] "GET
http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297


Error Log
========
[Tue Nov  5 14:36:52 2002] [error] [client 202.98.249.147] File does not
exist: e:/apache/htdocs/scripts/root.exe
[Tue Nov  5 14:36:54 2002] [error] [client 202.98.249.147] File does not
exist: e:/apache/htdocs/msadc/root.exe
[Tue Nov  5 14:36:59 2002] [error] [client 202.98.249.147] File does not
exist: e:/apache/htdocs/c/winnt/system32/cmd.exe
[Tue Nov  5 14:37:03 2002] [error] [client 202.98.249.147] File does not
exist: e:/apache/htdocs/d/winnt/system32/cmd.exe
[Tue Nov  5 14:37:05 2002] [error] [client 202.98.249.147] File does not
exist: e:/apache/htdocs/scripts/..%5c/winnt/system32/cmd.exe
[Tue Nov  5 14:37:16 2002] [error] [client 202.98.249.147] File does not
exist: e:/apache/htdocs/_vti_bin/..%5c/..%5c/..%5c/winnt/system32/cmd.exe
[Tue Nov  5 14:37:17 2002] [error] [client 202.98.249.147] File does not
exist: e:/apache/htdocs/_mem_bin/..%5c/..%5c/..%5c/winnt/system32/cmd.exe
[Tue Nov  5 14:37:19 2002] [error] [client 202.98.249.147] File does not
exist: e:/apache/htdocs/msadc/..%5c../..%5c../..%5c/..../...../..
../winnt/system32/cmd.exe
[Tue Nov  5 14:37:24 2002] [error] [client 202.98.249.147] File does not
exist: e:/apache/htdocs/scripts/..../winnt/system32/cmd.exe
[Tue Nov  5 14:37:27 2002] [error] [client 202.98.249.147] File does not
exist: e:/apache/htdocs/scripts/../winnt/system32/cmd.exe
[Tue Nov  5 14:37:29 2002] [error] [client 202.98.249.147] File does not
exist: e:/apache/htdocs/scripts/..?/winnt/system32/cmd.exe
[Tue Nov  5 14:37:34 2002] [error] [client 202.98.249.147] File does not
exist: e:/apache/htdocs/scripts/..%5c/winnt/system32/cmd.exe
[Tue Nov  5 14:37:36 2002] [error] [client 202.98.249.147] File does not
exist: e:/apache/htdocs/scripts/..%2f/winnt/system32/cmd.exe

[Wed Nov  6 08:22:19 2002] [error] [client 211.161.25.98] File does not
exist: e:/000/public_html/cybersyndrome/evc.html
[Wed Nov  6 08:22:22 2002] [error] [client 211.161.25.98] File does not
exist: e:/000/public_html/cybersyndrome/evc.html
[Wed Nov  6 08:22:43 2002] [error] [client 211.161.25.98] File does not
exist: e:/000/public_html/cybersyndrome/evc.html
[Wed Nov  6 08:23:31 2002] [error] [client 211.161.25.98] File does not
exist: e:/000/public_html/cybersyndrome/evc.html
[Wed Nov  6 08:24:35 2002] [error] [client 211.161.25.98] File does not
exist: e:/000/public_html/cybersyndrome/evc.html
[Wed Nov  6 08:25:40 2002] [error] [client 211.161.25.98] File does not
exist: e:/000/public_html/cybersyndrome/evc.html
[Wed Nov  6 08:26:43 2002] [error] [client 211.161.25.98] File does not
exist: e:/000/public_html/cybersyndrome/evc.html
[Wed Nov  6 08:27:47 2002] [error] [client 211.161.25.98] File does not
exist: e:/000/public_html/cybersyndrome/evc.html
[Wed Nov  6 08:28:51 2002] [error] [client 211.161.25.98] File does not
exist: e:/000/public_html/cybersyndrome/evc.html
[Wed Nov  6 08:29:55 2002] [error] [client 211.161.25.98] File does not
exist: e:/000/public_html/cybersyndrome/evc.html
[Wed Nov  6 08:30:59 2002] [error] [client 211.161.25.98] File does not
exist: e:/000/public_html/cybersyndrome/evc.html
[Wed Nov  6 08:32:03 2002] [error] [client 211.161.25.98] File does not
exist: e:/000/public_html/cybersyndrome/evc.html
[Wed Nov  6 08:33:07 2002] [error] [client 211.161.25.98] File does not
exist: e:/000/public_html/cybersyndrome/evc.html


-----------------------------------------
Brian Butler
System Administrator
brianb at kdfisher dot com dot au


----------------------------------------------------------------------------------
 
**= Email   4 ==========================**

Date:  Thu, 07 Nov 2002 12:48:51 +1100 (EDT)
From:  "Ian Manners" <deadmail>
Subject:  Re: [os2genau] Apache log

Hi Brian

>They seem to think they are on an NT machine not
>an OS/2 machine.

Just kiddie scripters, no need to worry you can safely ignore
it. I have an entry in my firewall to drop those packages to
keep my logs cleaner for viewing, actually, I have several
entries to remove all sorts of scans from kiddie scripters,
worms, etc.

You should join the Apache list at
 http://silk.apana dot org dot au/mailman/listinfo/apache2

Cheers
Ian B Manners
http://www.os2site dot com/


121. You never really learn to swear until you learn to drive.
----------------------------------------------------------------------------------
 

**= Email   5 ==========================**

Date:  Thu, 7 Nov 2002 12:18:44 +0930
From:  brianb at kdfisher dot com dot au
Subject:  Re: [os2genau] Apache log


Ian,
Thanks. I will get on the Apache list.


-----------------------------------------
Brian Butler
System Administrator
brianb at kdfisher dot com dot au


----------------------------------------------------------------------------------
 

**= Email   6 ==========================**

Date:  Thu, 7 Nov 2002 13:28:56 +0930
From:  brianb at kdfisher dot com dot au
Subject:  [os2genau] Ian Manners Off List discussion


Ian,
Could you send me your off list e-mail address please.
I would like to discuss some aspects of web site
security with you off the genau list.
Thanks

-----------------------------------------
Brian Butler
System Administrator
brianb at kdfisher dot com dot au


----------------------------------------------------------------------------------
 

**= Email   7 ==========================**

Date:  Thu, 07 Nov 2002 21:58:55 +1100 (EDT)
From:  "Chris Graham [WarpSpeed]" <chrisg at warpspeed dot com dot au>
Subject:  Re: [os2genau] Apache log

On Thu, 07 Nov 2002 12:48:51 +1100 (EDT), Ian Manners wrote:

>Hi Brian
>
>>They seem to think they are on an NT machine not
>>an OS/2 machine.
>
>Just kiddie scripters, no need to worry you can safely ignore
>it. I have an entry in my firewall to drop those packages to
>keep my logs cleaner for viewing, actually, I have several
>entries to remove all sorts of scans from kiddie scripters,
>worms, etc.

InJoy filter scripts?
Care to share them?
Yes, I'd like to be able to drop the odd bad/malicious packet.

>You should join the Apache list at
> http://silk.apana dot org dot au/mailman/listinfo/apache2
>
>Cheers
>Ian B Manners
>http://www.os2site dot com/
>
>
>121. You never really learn to swear until you learn to drive.


-Chris

WarpSpeed Computers - The Graham Utilities for OS/2.
Voice:  +61-3-9307-0611  PO Box 212   FidoNet:     3:632/344
FAX:    +61-3-9307-0633  Brunswick    Internet:    chrisg at warpspeed dot com dot au
BBS:    +61-3-9307-0644  VIC 3056     CompuServe:  100250,1645
300-28,800  N,8,1 ANSI   Australia    Web Page:
                                      http://www.warpspeed dot com dot au



----------------------------------------------------------------------------------
 

**= Email   8 ==========================**

Date:  Thu, 07 Nov 2002 23:03:34 +1100 (EDT)
From:  "Ian Manners" <deadmail>
Subject:  Re: [os2genau] Apache log

Hi Chris

>InJoy filter scripts?
>Care to share them?

DROP-RUBBISH		Filter-Status = Always,
		Filter-Root = Yes,
		Comment = "Drop exe?/c+ probes",
		Filter-Scope = Incoming-Packets,
		Protocol = TCP,
		Port = 80,
		Offset-Relativity = Data-Start,
		Offset = Search-All,
		Hex-String = "\x65\x78\x65\x3F\x2F\x63\x2B",
		Action = Drop-Packet,

DROP-CODERED		Filter-Status = Always,
		Filter-Root = Yes, 
		Comment = "Remove CodeRed via Hex-String match", 
		Filter-Scope = Incoming-Packets,
		Offset-Relativity = Data-Start, 
		Offset = Search-All, 
		Hex-String = "\x64\x65\x66\x61\x75\x6C\x74\x2E\x69\x64\x61",
		Action = Drop-Packet,


These need to be the first filters in the file, also note that
they can be plain text, ie :-

		Hex-String = "exe?/c+",


will also work, I just get into hex mode sometimes.

Cheers
Ian B Manners
http://www.os2site dot com/


Does the name Pavlov ring a bell?
----------------------------------------------------------------------------------
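
The following is an added example, not part of the original thread or of InJoy: it decodes the two Hex-String values from the filters above and checks them against access-log lines like those posted earlier in this digest. The label names "double-encoded" and "proxy-probe", the 192.0.2.x sample lines and the function names are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote

# Hex-String values copied from the DROP-RUBBISH and DROP-CODERED filters.
FILTER_HEX = {
    "DROP-RUBBISH": r"\x65\x78\x65\x3F\x2F\x63\x2B",
    "DROP-CODERED": r"\x64\x65\x66\x61\x75\x6C\x74\x2E\x69\x64\x61",
}

def decode_hex_string(value):
    """Convert a Hex-String of backslash-x escapes to the text it matches."""
    return "".join(chr(int(h, 16)) for h in re.findall(r"\\x([0-9A-Fa-f]{2})", value))

SIGNATURES = {name: decode_hex_string(v) for name, v in FILTER_HEX.items()}

# Client, request target and status from an Apache common-log-format line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

def classify(line):
    """Return (client, status, labels) for one access-log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target, status = m.group(1), m.group(2), int(m.group(3))
    labels = [name for name, sig in SIGNATURES.items() if sig in target]
    once = unquote(target)
    if unquote(once) != once:          # e.g. %255c -> %5c -> backslash
        labels.append("double-encoded")
    if target.lower().startswith("http://"):
        labels.append("proxy-probe")   # absolute URI sent to a non-proxy server
    return client, status, labels

# First three lines: from the access log above, re-joined. Last two: constructed.
SAMPLE = [
    '202.98.249.147 - - [05/Nov/2002:14:36:52 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 286',
    '202.98.249.147 - - [05/Nov/2002:14:37:05 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308',
    '211.161.25.98 - - [06/Nov/2002:08:22:19 +0000] "GET http://www8.big.or.jp/~000/CyberSyndrome/evc.html HTTP/1.0" 404 297',
    '192.0.2.10 - - [07/Nov/2002:09:00:00 +0000] "GET /default.ida?NNNN HTTP/1.0" 404 280',
    '192.0.2.20 - - [07/Nov/2002:09:00:05 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

def summarize(lines):
    """Map each client to the sorted set of labels seen in its requests."""
    seen = {}
    for rec in filter(None, map(classify, lines)):
        seen.setdefault(rec[0], set()).update(rec[2])
    return {client: sorted(labels) for client, labels in seen.items()}

print(summarize(SAMPLE))
```

Every cmd.exe and root.exe request in the posted log carries the plain query string `?/c+dir`, so the single "exe?/c+" signature matches them all regardless of how the path portion is encoded.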
 

**= Email   9 ==========================**

Date:  Thu, 07 Nov 2002 22:18:13 -0500 (EST)
From:  "Alan Duval" <amoht at ozemail dot com dot au>
Subject:  Re: [os2genau] Flatbed scanner, parallelport.

On Wed, 06 Nov 2002 01:27:22 +0100, Kenneth Bucio wrote:

>Hi all.
>
>Can anyone help me?
>I have got a Plustek OpticPro 96000P scanner without any kind of software.
>I have looked for drivers, but they are all for SCSI but my scanner is 
>designed to be connected to my parallel port.
>What do I do?
>
>Warp 4, fp 15, ASUS K7M slot A m.board.
>
>Best rgds. Kenneth Bucio

Might be worth downloading Copyshop2 from Hobbes as it has a driver with it.

Regards

Alan Duval

----------------------------------------------------------------------------------
 

