Welcome to WebmasterWorld Guest from 23.22.220.37

Forum Moderators: Ocean10000 & incrediBILL

Message Too Old, No Replies

setup akl.exe

     
11:40 pm on Feb 28, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5408
votes: 2


Am I the only lucky recipient?

208.50.101.zzz - - [28/Feb/2012:22:38:03 +0000] "GET /downloads/setup_akl.exe HTTP/1.1" 403 533 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; MALC; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; OfficeLiveConnector.1.4; OfficeLivePatch.1.3; Windows Live Messenger 14.0.8117.0416)"
2:09 am on Feb 29, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 5, 2005
posts: 2038
votes: 1


Recipient of -- yet another exploit probe? Hang on, I got a million of 'em for ya:)
5:22 am on Feb 29, 2012 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:5805
votes: 64


I guess if you don't use Ardamax Keylogger then its a 404. Trouble is, many inexperienced web masters leave these .exe files on the server instead of deleting them after installation. They CHMOD to absolute server path, thus why they're exploited.

I and many others block all Level 3 ranges.