| View previous topic :: View next topic |
| Author |
Message |
akoo1
-
Joined: 04 Aug 2003
Posts: 1
|
 Posted: Mon Aug 04, 2003 3:08 am Post subject: How do you see if someone is hacking via your webserver? |
 |
|
I occassionally browse the access.log file in the log directory of the web server. Does anyone know what these commands are doing?
12.248.88.34 - - [02/Aug/2003:07:57:32 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.248.88.34 - - [02/Aug/2003:07:57:33 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.248.88.34 - - [02/Aug/2003:07:57:34 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
I don't know too much about deciphering these values, so could someone tell me if this is actually normal to see?
Thanks
p.s. How do I go and see a documentation that tells what these get requests are? |
|
| Back to top |
  |
 |
spike
-
Joined: 15 Jul 2003
Posts: 7
|
| Posted: Mon Aug 04, 2003 8:36 am Post subject: |
|
|
I get those all the time, most I could find out was its a Code Red worm/Nimda probe checking if your computer is vulnerable. You should be fine however, am I correct?
_________________
Last edited by spike on Tue Aug 05, 2003 5:37 pm; edited 1 time in total |
|
| Back to top |
  |
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
|
| Back to top |
 |
|
|
