
hackers

Posted by Scott R on 4/08/01 at 11:05 (043968)

Some hackers were playing around and messed with the pictures directory. I knew it was a security hole, but had hoped it was relatively hidden from view. They did something that made cgi programs no longer executable from outside the cgi-bin directory. I still haven't fixed that. For those interested, here is the path they took on their visit:

cf..mcl.starband.net - - [07/Apr/2001:17:51:22 -0500] 'GET /zz HTTP/1.0' 301 232 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:17:51:23 -0500] 'GET /zz/ HTTP/1.0' 200 187 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:00:50 -0500] 'GET /zz HTTP/1.0' 301 232 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:00:51 -0500] 'GET /zz/ HTTP/1.0' 200 187 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:08:09 -0500] 'GET /zz/ HTTP/1.0' 200 276 '-' 'Mozilla/3.01 (compatible;)'
cf..mcl.starband.net - - [07/Apr/2001:18:27:11 -0500] 'GET /zz/ HTTP/1.0' 200 276 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:27:21 -0500] 'GET / HTTP/1.0' 200 211 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:27:23 -0500] 'GET /index.html HTTP/1.0' 200 13318 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:28:45 -0500] 'GET /cgi-bin/zz/fileman.cgi HTTP/1.0' 404 11427 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:28:54 -0500] 'GET /cgi-bin/fileman.cgi HTTP/1.0' 404 11427 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:28:59 -0500] 'GET /zz/cgi-bin/fileman.cgi HTTP/1.0' 404 11427 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:29:34 -0500] 'GET /zz/ HTTP/1.0' 200 - '-' 'Mozilla/3.01 (compatible;)'
cf..mcl.starband.net - - [07/Apr/2001:18:29:39 -0500] 'GET /zz/dileman.cgi HTTP/1.0' 404 11427 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:29:43 -0500] 'GET /zz/fileman.cgi HTTP/1.0' 404 11427 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:36:01 -0500] 'GET /root.html HTTP/1.0' 200 264 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:38:41 -0500] 'GET /index.shtml HTTP/1.0' 200 264 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:38:44 -0500] 'GET / HTTP/1.0' 200 531 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:42:43 -0500] 'GET / HTTP/1.0' 200 531 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:42:48 -0500] 'GET /sideload.cgi HTTP/1.0' 404 11427 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:42:56 -0500] 'GET /cgi-bin/sideload.cgi HTTP/1.0' 404 11427 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:59:40 -0500] 'GET /cgi-heelspurs/manfile/fileman.cgi HTTP/1.0' 200 48199 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:18:59:53 -0500] 'GET /cgi-heelspurs/manfile/sideload.cgi HTTP/1.0' 404 11427 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:19:00:10 -0500] 'GET /zz/fileman.cgi HTTP/1.0' 404 11427 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:19:00:16 -0500] 'GET /zz/sideload.cgi HTTP/1.0' 200 1535 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:19:00:36 -0500] 'GET /zz/fileman.cgi HTTP/1.0' 404 11427 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:19:01:20 -0500] 'POST /cgi-heelspurs/manfile/fileman.cgi HTTP/1.0' 200 50038 'http://heelspurs.com/cgi-heelspurs/manfile/fileman.cgi' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:19:01:32 -0500] 'GET /zz/execute.pl HTTP/1.0' 200 1409 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:19:01:51 -0500] 'GET /cgi-heelspurs/manfile/fileman.cgi HTTP/1.0' 200 48992 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:19:02:08 -0500] 'GET /cgi-heelspurs/manfile/fileman.cgi?action=rename&name=execute.pl&newname=execute.cgi&wd= HTTP/1.0' 200 49876 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:19:02:26 -0500] 'GET /zz/execute.cgi HTTP/1.0' 500 531 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:19:03:16 -0500] 'GET /cgi-heelspurs/manfile/fileman.cgi?action=permissions&name=execute.pl&newperm=777&wd= HTTP/1.0' 200 49866 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:19:03:27 -0500] 'GET /zz/sideload.cgi HTTP/1.0' 200 1535 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:19:03:33 -0500] 'GET /zz/execute.pl HTTP/1.0' 404 11427 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:19:03:37 -0500] 'GET /zz/execute.cgi HTTP/1.0' 500 531 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf


Re: hackers

Scott R on 4/08/01 at 11:09 (043970)

Here is another visit from them:

s-s1-p4-2624.saber.net - - [07/Apr/2001:17:49:28 -0500] 'GET /cgi-heelspurs/manfile/fileman.cgi HTTP/1.1' 200 43555 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:17:50:28 -0500] 'POST /cgi-heelspurs/manfile/fileman.cgi HTTP/1.1' 200 45645 'http://heelspurs.com/cgi-heelspurs/manfile/fileman.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:17:50:28 -0500] 'GET / HTTP/1.1' 200 223 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:17:50:29 -0500] 'GET /index.html HTTP/1.1' 200 13309 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:17:50:44 -0500] 'GET /zz HTTP/1.1' 301 244 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:17:50:45 -0500] 'GET /zz/ HTTP/1.1' 200 187 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:17:51:07 -0500] 'GET /index.html HTTP/1.1' 200 13309 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:00:59 -0500] 'GET /zz HTTP/1.1' 301 244 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:01:01 -0500] 'GET /zz/ HTTP/1.1' 200 - '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:01:13 -0500] 'GET / HTTP/1.1' 200 223 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:01:14 -0500] 'GET /index.html HTTP/1.1' 200 13318 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:03:48 -0500] 'GET /cgi-heelspurs/manfile/fileman.cgi HTTP/1.1' 200 44353 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:06:34 -0500] 'POST /cgi-heelspurs/manfile/fileman.cgi HTTP/1.1' 200 45477 'http://heelspurs.com/cgi-heelspurs/manfile/fileman.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:06:42 -0500] 'GET /zz HTTP/1.1' 301 244 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:06:47 -0500] 'GET /zz/ HTTP/1.1' 200 276 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:18:12 -0500] 'POST /cgi-heelspurs/manfile/fileman.cgi HTTP/1.1' 200 46292 'http://heelspurs.com/cgi-heelspurs/manfile/fileman.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:18:48 -0500] 'GET /zz/cgitelnet.pl HTTP/1.1' 200 23068 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:21:48 -0500] 'POST /cgi-heelspurs/manfile/fileman.cgi HTTP/1.1' 200 47023 'http://heelspurs.com/cgi-heelspurs/manfile/fileman.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:23:34 -0500] 'POST /cgi-heelspurs/manfile/fileman.cgi HTTP/1.1' 200 47980 'http://heelspurs.com/cgi-heelspurs/manfile/fileman.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:24:10 -0500] 'POST /cgi-heelspurs/manfile/fileman.cgi HTTP/1.1' 200 48808 'http://heelspurs.com/cgi-heelspurs/manfile/fileman.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:24:34 -0500] 'POST /cgi-heelspurs/manfile/fileman.cgi HTTP/1.1' 200 49612 'http://heelspurs.com/cgi-heelspurs/manfile/fileman.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:24:40 -0500] 'GET / HTTP/1.1' 200 223 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:26:18 -0500] 'POST /cgi-heelspurs/manfile/fileman.cgi HTTP/1.1' 200 49508 'http://heelspurs.com/cgi-heelspurs/manfile/fileman.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:26:52 -0500] 'GET /cgi-heelspurs/manfile/fileman.cgi?action=permissions&name=sideload.cgi&newperm=755&wd= HTTP/1.1' 200 49488 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:27:35 -0500] 'GET /cgi-heelspurs/manfile/fileman.cgi?action=permissions&name=cgi-lib.pl&newperm=755&wd= HTTP/1.1' 200 37520 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:27:46 -0500] 'GET /cgi-heelspurs/manfile/fileman.cgi?action=permissions&name=data.dat&newperm=777&wd= HTTP/1.1' 200 49476 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:28:24 -0500] 'GET /cgi-heelspurs/manfile/fileman.cgi?action=permissions&name=transfer.dat&newperm=777&wd= HTTP/1.1' 200 49481 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:28:53 -0500] 'GET /zz/sideload.cgi HTTP/1.1' 200 1547 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:31:15 -0500] 'POST /zz/sideload.cgi HTTP/1.1' 200 338 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:31:17 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 1360 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:31:17 -0500] 'GET /zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/ HTTP/1.1' 200 331 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:31:19 -0500] 'GET /zz/sideload.cgi?action=transfernow&path=/web/heelspurs/ HTTP/1.1' 200 21 'http://www.heelspurs.com/zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:31:28 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 850 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:31:28 -0500] 'GET /zz/sideload.cgi?action=donothing HTTP/1.1' 200 20 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:31:40 -0500] 'GET / HTTP/1.1' 200 543 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:31:47 -0500] 'GET / HTTP/1.1' 200 543 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:33:10 -0500] 'POST /zz/sideload.cgi HTTP/1.1' 200 338 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:33:11 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 1367 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:33:11 -0500] 'GET /zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/ HTTP/1.1' 200 331 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:33:13 -0500] 'GET /zz/sideload.cgi?action=transfernow&path=/web/heelspurs/ HTTP/1.1' 200 21 'http://www.heelspurs.com/zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:33:23 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 850 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:33:23 -0500] 'GET /zz/sideload.cgi?action=donothing HTTP/1.1' 200 20 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:33:30 -0500] 'GET /rootcore.html HTTP/1.1' 404 11427 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:33:45 -0500] 'GET / HTTP/1.1' 200 543 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:34:37 -0500] 'POST /zz/sideload.cgi HTTP/1.1' 200 338 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:34:38 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 1363 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:34:39 -0500] 'GET /zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/ HTTP/1.1' 200 331 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:34:41 -0500] 'GET /zz/sideload.cgi?action=transfernow&path=/web/heelspurs/ HTTP/1.1' 200 21 'http://www.heelspurs.com/zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:34:49 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 850 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:34:50 -0500] 'GET /zz/sideload.cgi?action=donothing HTTP/1.1' 200 20 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:35:28 -0500] 'GET /root.html HTTP/1.1' 200 264 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:37:55 -0500] 'POST /zz/sideload.cgi HTTP/1.1' 200 338 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:37:56 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 1365 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:37:56 -0500] 'GET /zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/ HTTP/1.1' 200 331 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:37:58 -0500] 'GET /zz/sideload.cgi?action=transfernow&path=/web/heelspurs/ HTTP/1.1' 200 21 'http://www.heelspurs.com/zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:38:08 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 850 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:38:08 -0500] 'GET /zz/sideload.cgi?action=donothing HTTP/1.1' 200 20 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:38:12 -0500] 'GET / HTTP/1.1' 200 543 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:38:17 -0500] 'GET /index.shtml HTTP/1.1' 200 276 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:40:08 -0500] 'POST /zz/sideload.cgi HTTP/1.1' 200 338 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:40:09 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 1368 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:40:10 -0500] 'GET /zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/ HTTP/1.1' 200 331 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:40:11 -0500] 'GET /zz/sideload.cgi?action=transfernow&path=/web/heelspurs/ HTTP/1.1' 200 21 'http://www.heelspurs.com/zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:40:21 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 850 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:40:21 -0500] 'GET /zz/sideload.cgi?action=donothing HTTP/1.1' 200 20 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:40:26 -0500] 'GET / HTTP/1.1' 200 543 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:40:30 -0500] 'GET / HTTP/1.1' 200 543 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:41:52 -0500] 'GET /index.html HTTP/1.1' 200 13318 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:42:13 -0500] 'POST /zz/sideload.cgi HTTP/1.1' 200 338 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:42:14 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 1367 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:42:14 -0500] 'GET /zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/ HTTP/1.1' 200 331 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:42:15 -0500] 'GET /zz/sideload.cgi?action=transfernow&path=/web/heelspurs/ HTTP/1.1' 200 21 'http://www.heelspurs.com/zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:42:25 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 850 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:42:25 -0500] 'GET /zz/sideload.cgi?action=donothing HTTP/1.1' 200 20 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:42:34 -0500] 'GET /index.shtml HTTP/1.1' 200 276 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:43:24 -0500] 'POST /zz/sideload.cgi HTTP/1.1' 200 338 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:43:25 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 1367 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:43:26 -0500] 'GET /zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/ HTTP/1.1' 200 331 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:43:27 -0500] 'GET /zz/sideload.cgi?action=transfernow&path=/web/heelspurs/ HTTP/1.1' 200 21 'http://www.heelspurs.com/zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:43:37 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 850 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:43:37 -0500] 'GET /zz/sideload.cgi?action=donothing HTTP/1.1' 200 20 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:44:02 -0500] 'GET /index.shtml HTTP/1.1' 200 276 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:12:24 -0500] 'GET /index.shtml HTTP/1.1' 200 276 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:19:53 -0500] 'GET /zz/sideload.cgi HTTP/1.1' 200 1547 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:20:52 -0500] 'POST /zz/sideload.cgi HTTP/1.1' 200 338 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:20:57 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/home/heelspurs HTTP/1.1' 200 1365 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:20:57 -0500] 'GET /zz/sideload.cgi?action=justb4transfernow&path=/home/heelspurs HTTP/1.1' 200 331 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:20:59 -0500] 'GET /zz/sideload.cgi?action=transfernow&path=/home/heelspurs HTTP/1.1' 200 21 'http://www.heelspurs.com/zz/sideload.cgi?action=justb4transfernow&path=/home/heelspurs' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:21:08 -0500] 'GET /zz/sideload.cgi?action=donothing HTTP/1.1' 200 20 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:21:08 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/home/heelspurs HTTP/1.1' 200 850 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:21:20 -0500] 'GET /index.shtml HTTP/1.1' 200 276 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:21:22 -0500] 'GET /index.shtml HTTP/1.1' 200 276 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:21:09:04 -0500] 'GET / HTTP/1.1' 200 543 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:21:10:10 -0500] 'GET / HTTP/1.1' 200 543 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'


Re: hackers

wendyn on 4/08/01 at 11:33 (043976)

Scott - in English - what does this all mean?

I had trouble getting into the site last night and today - is this why?

What did they do to the pictures?

Re: hackers

Laurie R on 4/08/01 at 18:34 (044016)

Hi Scott,
I'm with Wendy, what does this mean??? And why can't we look at the pictures anymore? Did they do something to the page? I am lucky I know how to e-mail and click on to your site.... Please tell us what all this is......Thank you so much Scott......Laurie R

Re: hackers

Scott R on 4/08/01 at 19:59 (044025)

The hackers were just some kids (as is often the case) doing electronic graffiti on the website to demonstrate that they could have done damage if they had chosen. Young males have a strong need to 'express themselves' as a way to enlarge their ego and impress their peers. They probably didn't know that they had shut the home page down for 24 hrs. To write their harmless graffiti files, they changed the permission settings to something safer than my defaults which prevented programs outside the cgi-bin directory from running. This would have shut down only a few programs (on accident), but since I have a program that redirects all incoming traffic to the home page, the home page was not accessible unless the full path was entered (index.html extension). People coming to the home page without the extension (basically everybody) were blocked for 24 hrs. They had used the program we were using to upload pictures to upload a program that allowed them to upload files and change permissions in higher directories. They uploaded 4 graffiti files and had 2 or 3 friends to look at them to prove that they had done it. I know this by looking at the log files. If they had meant harm they could have changed the home page. Either they didn't mean harm or they couldn't figure out why the home page had disappeared before trying to change it. At least it appeared they could have over-written or viewed any files in the root directory. They uploaded cgitelnet.cgi, execute.cgi, and sideupload.cgi to the pictures directory to do their work, but it appeared only sideupload.cgi was really used. I could fix the security hole without disabling the upload program, but don't have time. I guess I could have done that instead of typing this, but I didn't think about a fix being possible until after I started typing.
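
An added example, not part of Scott R's post or the site's own code: a Python pass over access-log lines like the ones quoted earlier in this thread, flagging the file-manager permission changes and renames and the script requests in the upload directory that the post describes. It assumes /zz/ is the upload (pictures) directory and that fileman.cgi takes the action, name, newname and newperm parameters as they appear in the logs; the rule names and the 5-minute window are made up for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Lines copied from the access logs quoted in this thread. The page shows the
# quoted fields with single quotes; the parser accepts either quote style.
SAMPLE_LOG = """\
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:18:12 -0500] 'POST /cgi-heelspurs/manfile/fileman.cgi HTTP/1.1' 200 46292 'http://heelspurs.com/cgi-heelspurs/manfile/fileman.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:18:48 -0500] 'GET /zz/cgitelnet.pl HTTP/1.1' 200 23068 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:24:40 -0500] 'GET / HTTP/1.1' 200 223 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:26:52 -0500] 'GET /cgi-heelspurs/manfile/fileman.cgi?action=permissions&name=sideload.cgi&newperm=755&wd= HTTP/1.1' 200 49488 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:27:46 -0500] 'GET /cgi-heelspurs/manfile/fileman.cgi?action=permissions&name=data.dat&newperm=777&wd= HTTP/1.1' 200 49476 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
cf..mcl.starband.net - - [07/Apr/2001:18:29:43 -0500] 'GET /zz/fileman.cgi HTTP/1.0' 404 11427 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:19:02:08 -0500] 'GET /cgi-heelspurs/manfile/fileman.cgi?action=rename&name=execute.pl&newname=execute.cgi&wd= HTTP/1.0' 200 49876 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
cf..mcl.starband.net - - [07/Apr/2001:19:02:26 -0500] 'GET /zz/execute.cgi HTTP/1.0' 500 531 '-' 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)'
"""

Q = r"[\x22\x27]"  # a double or a single quote character
LINE_RE = re.compile(
    r"^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "
    + Q + r"(?P<method>[A-Z]+) (?P<target>\S+) [^\x22\x27]*" + Q
    + r" (?P<status>\d{3}) "
)
SCRIPT_EXT = (".cgi", ".pl")             # extensions treated as scripts (assumption)
WRITE_BIT_DIGITS = ("2", "3", "6", "7")  # octal digits that include the write bit


def parse(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    url = urlsplit(m["target"])
    return {
        "host": m["host"],
        "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": url.path,
        "query": parse_qs(url.query),
        "status": int(m["status"]),
    }


def detect(lines, upload_dir="/zz/",
           manager="/cgi-heelspurs/manfile/fileman.cgi",
           window=timedelta(minutes=5)):
    """Return (rule, host, detail) findings in log order."""
    findings = []
    last_post = {}  # host -> time of its most recent POST to the file manager
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        q = ev["query"]
        action = q.get("action", [""])[0]
        name = q.get("name", ["?"])[0]
        if ev["path"] == manager:
            if ev["method"] == "POST":
                last_post[ev["host"]] = ev["time"]
            elif action == "permissions":
                perm = q.get("newperm", [""])[0]
                # The last octal digit is the "other" class: write bit set
                # there means any local user or process can modify the file.
                rule = ("world_writable" if perm[-1:] in WRITE_BIT_DIGITS
                        else "perm_change")
                findings.append((rule, ev["host"], f"{name} -> {perm}"))
            elif action == "rename":
                new = q.get("newname", [""])[0]
                if new.lower().endswith(SCRIPT_EXT):
                    findings.append(
                        ("rename_to_script", ev["host"], f"{name} -> {new}"))
        elif (ev["path"].startswith(upload_dir)
              and ev["path"].lower().endswith(SCRIPT_EXT)
              and ev["status"] != 404):
            # A non-404 answer means a script file exists where only
            # pictures are expected; a 500 means it was run and failed.
            posted = last_post.get(ev["host"])
            recent = (posted is not None
                      and timedelta(0) <= ev["time"] - posted <= window)
            rule = "upload_then_fetch" if recent else "script_in_upload_dir"
            findings.append((rule, ev["host"], ev["path"]))
    return findings


if __name__ == "__main__":
    for rule, host, detail in detect(SAMPLE_LOG.splitlines()):
        print(f"{rule:22} {host:24} {detail}")
```
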

Re: OH.

wendyn on 4/08/01 at 20:51 (044029)

Oh - okay...I'm happy that I know how to find my way around the net at all...

Glad you know what you're doing!

Re: OH.

Laurie R on 4/08/01 at 21:10 (044032)

Thanks Scott....What a big pain to deal with kids just playing around...Thank God they did no harm to your file.....Laurie R

s-s1-p4-2624.saber.net - - [07/Apr/2001:18:31:28 -0500] 'GET /zz/sideload.cgi?action=donothing HTTP/1.1' 200 20 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:31:40 -0500] 'GET / HTTP/1.1' 200 543 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:31:47 -0500] 'GET / HTTP/1.1' 200 543 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:33:10 -0500] 'POST /zz/sideload.cgi HTTP/1.1' 200 338 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:33:11 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 1367 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:33:11 -0500] 'GET /zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/ HTTP/1.1' 200 331 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:33:13 -0500] 'GET /zz/sideload.cgi?action=transfernow&path=/web/heelspurs/ HTTP/1.1' 200 21 'http://www.heelspurs.com/zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:33:23 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 850 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:33:23 -0500] 'GET /zz/sideload.cgi?action=donothing HTTP/1.1' 200 20 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:33:30 -0500] 'GET /rootcore.html HTTP/1.1' 404 11427 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:33:45 -0500] 'GET / HTTP/1.1' 200 543 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:34:37 -0500] 'POST /zz/sideload.cgi HTTP/1.1' 200 338 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:34:38 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 1363 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:34:39 -0500] 'GET /zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/ HTTP/1.1' 200 331 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:34:41 -0500] 'GET /zz/sideload.cgi?action=transfernow&path=/web/heelspurs/ HTTP/1.1' 200 21 'http://www.heelspurs.com/zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:34:49 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 850 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:34:50 -0500] 'GET /zz/sideload.cgi?action=donothing HTTP/1.1' 200 20 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:35:28 -0500] 'GET /root.html HTTP/1.1' 200 264 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:37:55 -0500] 'POST /zz/sideload.cgi HTTP/1.1' 200 338 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:37:56 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 1365 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:37:56 -0500] 'GET /zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/ HTTP/1.1' 200 331 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:37:58 -0500] 'GET /zz/sideload.cgi?action=transfernow&path=/web/heelspurs/ HTTP/1.1' 200 21 'http://www.heelspurs.com/zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:38:08 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 850 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:38:08 -0500] 'GET /zz/sideload.cgi?action=donothing HTTP/1.1' 200 20 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:38:12 -0500] 'GET / HTTP/1.1' 200 543 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:38:17 -0500] 'GET /index.shtml HTTP/1.1' 200 276 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:40:08 -0500] 'POST /zz/sideload.cgi HTTP/1.1' 200 338 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:40:09 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 1368 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:40:10 -0500] 'GET /zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/ HTTP/1.1' 200 331 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:40:11 -0500] 'GET /zz/sideload.cgi?action=transfernow&path=/web/heelspurs/ HTTP/1.1' 200 21 'http://www.heelspurs.com/zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:40:21 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 850 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:40:21 -0500] 'GET /zz/sideload.cgi?action=donothing HTTP/1.1' 200 20 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:40:26 -0500] 'GET / HTTP/1.1' 200 543 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:40:30 -0500] 'GET / HTTP/1.1' 200 543 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:41:52 -0500] 'GET /index.html HTTP/1.1' 200 13318 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:42:13 -0500] 'POST /zz/sideload.cgi HTTP/1.1' 200 338 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:42:14 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 1367 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:42:14 -0500] 'GET /zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/ HTTP/1.1' 200 331 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:42:15 -0500] 'GET /zz/sideload.cgi?action=transfernow&path=/web/heelspurs/ HTTP/1.1' 200 21 'http://www.heelspurs.com/zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:42:25 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 850 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:42:25 -0500] 'GET /zz/sideload.cgi?action=donothing HTTP/1.1' 200 20 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:42:34 -0500] 'GET /index.shtml HTTP/1.1' 200 276 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:43:24 -0500] 'POST /zz/sideload.cgi HTTP/1.1' 200 338 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:43:25 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 1367 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:43:26 -0500] 'GET /zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/ HTTP/1.1' 200 331 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:43:27 -0500] 'GET /zz/sideload.cgi?action=transfernow&path=/web/heelspurs/ HTTP/1.1' 200 21 'http://www.heelspurs.com/zz/sideload.cgi?action=justb4transfernow&path=/web/heelspurs/' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:43:37 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/web/heelspurs/ HTTP/1.1' 200 850 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:43:37 -0500] 'GET /zz/sideload.cgi?action=donothing HTTP/1.1' 200 20 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:18:44:02 -0500] 'GET /index.shtml HTTP/1.1' 200 276 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:12:24 -0500] 'GET /index.shtml HTTP/1.1' 200 276 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:19:53 -0500] 'GET /zz/sideload.cgi HTTP/1.1' 200 1547 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:20:52 -0500] 'POST /zz/sideload.cgi HTTP/1.1' 200 338 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:20:57 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/home/heelspurs HTTP/1.1' 200 1365 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:20:57 -0500] 'GET /zz/sideload.cgi?action=justb4transfernow&path=/home/heelspurs HTTP/1.1' 200 331 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:20:59 -0500] 'GET /zz/sideload.cgi?action=transfernow&path=/home/heelspurs HTTP/1.1' 200 21 'http://www.heelspurs.com/zz/sideload.cgi?action=justb4transfernow&path=/home/heelspurs' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:21:08 -0500] 'GET /zz/sideload.cgi?action=donothing HTTP/1.1' 200 20 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:21:08 -0500] 'GET /zz/sideload.cgi?action=showstatus&path=/home/heelspurs HTTP/1.1' 200 850 'http://www.heelspurs.com/zz/sideload.cgi' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:21:20 -0500] 'GET /index.shtml HTTP/1.1' 200 276 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:19:21:22 -0500] 'GET /index.shtml HTTP/1.1' 200 276 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:21:09:04 -0500] 'GET / HTTP/1.1' 200 543 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'
s-s1-p4-2624.saber.net - - [07/Apr/2001:21:10:10 -0500] 'GET / HTTP/1.1' 200 543 '-' 'Mozilla/4.0 (compatible; MSIE 5.01; MSN 2.5; Windows 98)'


Re: hackers

wendyn on 4/08/01 at 11:33 (043976)

Scott - in English - what does this all mean?

I had trouble getting into the site last night and today - is this why?

What did they do to the pictures?

Re: hackers

Laurie R on 4/08/01 at 18:34 (044016)

Hi Scott,
I'm with Wendy, what does this mean??? And why can't we look at the pictures anymore. Did they do something to the page. I am lucky I know how to e-mail and click on to your site.... Please tell us what all this is......Thank you so much Scott......Laurie R

Re: hackers

Scott R on 4/08/01 at 19:59 (044025)

The hackers were just some kids (as is often the case) doing electronic graffiti on the website to demonstrate that they could have done damage if they had chosen. Young males have a strong need to 'express themselves' as a way to enlarge their ego and impress their peers. They probably didn't know that they had shut the home page down for 24 hrs. To write their harmless graffiti files, they changed the permission settings to something safer than my defaults which prevented programs outside the cgi-bin directory from running. This would have shut down only a few programs (by accident), but since I have a program that redirects all incoming traffic to the home page, the home page was not accessible unless the full path was entered (index.html extension). People coming to the home page without the extension (basically everybody) were blocked for 24 hrs. They had used the program we were using to upload pictures to upload a program that allowed them to upload files and change permissions in higher directories. They uploaded 4 graffiti files and had 2 or 3 friends look at them to prove that they had done it. I know this by looking at the log files. If they had meant harm they could have changed the home page. Either they didn't mean harm or they couldn't figure out why the home page had disappeared before trying to change it. At least it appeared they could have overwritten or viewed any files in the root directory. They uploaded cgitelnet.cgi, execute.cgi, and sideupload.cgi to the pictures directory to do their work, but it appeared only sideupload.cgi was really used. I could fix the security hole without disabling the upload program, but don't have time. I guess I could have done that instead of typing this, but I didn't think about a fix being possible until after I started typing.
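The two signals that stand out in the log above, as an added detection example that is not part of the original post or the site's own code: a script answered with 200 from the upload directory, and a file-mode change made through a web request. The `/zz/` upload path, the extension list, the finding names and the `client.example` host are assumptions made for this sketch.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumption: /zz/ is the upload directory (the log shows scripts run from it).
UPLOAD_DIRS = ("/zz/",)
SCRIPT_EXTS = (".cgi", ".pl", ".php", ".sh", ".py")

# Log line as shown on this page; the quote character may be ' or ".
LINE_RE = re.compile(
    r"""^(?P<host>\S+) \S+ \S+ \[[^\]]+\] """
    r"""['"][A-Z]+ (?P<target>\S+) [^'"]*['"] (?P<status>\d{3}) """
)

def classify(line):
    """Return (host, findings) for one log line; (None, []) if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None, []
    url = urlsplit(m["target"])
    path, query = url.path.lower(), parse_qs(url.query)
    findings = []
    # A script answered with 200 from a directory meant for uploaded data.
    if (m["status"] == "200" and path.startswith(UPLOAD_DIRS)
            and path.endswith(SCRIPT_EXTS)):
        findings.append("script-in-upload-dir")
    # A file-mode change driven through a web request.
    mode = query.get("newperm", [""])[0]
    if query.get("action") == ["permissions"] and re.fullmatch(r"[0-7]{3,4}", mode):
        bits = int(mode, 8)
        if bits & 0o002:
            findings.append("chmod-world-writable")
        elif bits & 0o111:
            findings.append("chmod-executable")
    return m["host"], findings

def summarize(lines):
    """Map each client host to the sorted findings seen in its requests."""
    seen = defaultdict(set)
    for host, findings in map(classify, lines):
        if findings:
            seen[host].update(findings)
    return {host: sorted(found) for host, found in seen.items()}

def make_line(request, status):
    return (f"client.example - - [07/Apr/2001:18:30:00 -0500] "
            f"'{request} HTTP/1.1' {status} 100 '-' 'Mozilla/4.0'")

# Constructed sample (host, time, size made up); targets copied from the log above.
FILEMAN = "GET /cgi-heelspurs/manfile/fileman.cgi?action=permissions"
SAMPLE = [make_line(r, s) for r, s in [
    (FILEMAN + "&name=sideload.cgi&newperm=755&wd=", 200),
    (FILEMAN + "&name=data.dat&newperm=777&wd=", 200),
    ("GET /zz/sideload.cgi?action=transfernow&path=/web/heelspurs/", 200),
    ("GET /zz/cgi-bin/fileman.cgi", 404),
    ("GET /index.shtml", 200),
]]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Matching on the directory and the response status, rather than on script names, keeps the check valid when the uploaded files are renamed.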

Re: OH.

wendyn on 4/08/01 at 20:51 (044029)

Oh - okay...I'm happy that I know how to find my way around the net at all...

Glad you know what you're doing!

Re: OH.

Laurie R on 4/08/01 at 21:10 (044032)

Thanks Scott....What a big pain to deal with kids just playing around...Thank God they did no harm to your file.....Laurie R