DataCha0s/2.0

Forum Moderators: open

Message Too Old, No Replies

DataCha0s/2.0

Anyone Else seen this?

Ocean10000

4:44 pm on Apr 10, 2005 (gmt 0)

IP:62.221.199.145
Hostname:relay.studenten.net
Browser:DataCha0s
Version:2.0

It made a play at awstats.pl, which I think it is trying to exploit or see if its publicly visible (which its not). It went though a proxie to cover its tracks so I am thinking it is up to no good. Anyone have any more details on this.

examplefied url which it tried to access as follows
[example.local...]

[edited by: volatilegx at 2:17 pm (utc) on April 11, 2005]
[edit reason] examplified url [/edit]

fiestagirl

4:55 pm on Apr 11, 2005 (gmt 0)

Yes, seen it here. Trying the cgi bin too.

keyplyr

8:33 pm on May 12, 2005 (gmt 0)

Several attempts at awstats.pl (which I don't use) here too:

66.45.****.** - - [12/May/2005:04:47:43 -0700] "GET /cgi-bin/awstats/awstats.pl?configdir=Śecho;echo;id;%00 HTTP/1.0" 404 220 "-" "DataCha0s/2.0"
66.45.****.** - - [12/May/2005:04:47:43 -0700] "GET /awstats/awstats.pl?configdir=Śecho;echo;id;%00 HTTP/1.0" 404 1951 "-" "DataCha0s/2.0"

rhuseinh

3:30 am on May 13, 2005 (gmt 0)

Just got one too:

Error Code: 404 (script not found or unable to stat: /home/asdf/public_html/cgi-bin/awstats.pl)
Occurred: Thu May 12 23:16:05 EDT 2005
Requested URL: /cgi-bin/awstats.pl?configdir=Śecho;echo;id;%00
User Address: 63.247.65.82
User Agent: DataCha0s/2.0
Referer:

Since I got the IP Adress, what can I do about this?

keyplyr

7:33 am on May 13, 2005 (gmt 0)

Since I got the IP Adress, what can I do about this?

No good to block by IP if it's using proxies. If you don't use awstats, then I wouldn't worry - it got a 404 and probably won't come back. If your really want to stop it, then you could block by UA if you're on Apache server:

RewriteCond %{HTTP_USER_AGENT} ^DataCha0s

DataCha0s/2.0

Anyone Else seen this?

Ocean10000

fiestagirl

keyplyr

rhuseinh

keyplyr

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week