66.171.37.47 - - [24/Nov/2002:12:07:18 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 9236
66.171.37.47 - - [24/Nov/2002:12:07:18 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 9236
66.171.37.47 - - [24/Nov/2002:12:07:18 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 9236
66.171.37.47 - - [24/Nov/2002:12:07:18 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 9236
and so on...
Is this a hacking attempt? A lookup of the IP address 66.171.37.47 shows the host name 47.37.171.66.subscriber.vzavenue.net
Thanks
No, this is just some Code Red or NIMDA-infected machine trying to spread the worm to your server. If you're on Apache, you can ignore these. If not, blocking accesses to any resource whose name contains "cmd.exe" will take care of 99% of it.
If you're lucky, you'll get only dozens of these per day. If you're not, more.
Jim
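The filter described in the reply above, turned into a log check. This is an added example, not part of the original thread: the first four sample lines are the ones from the question, the fifth is constructed, and the function names and the matching on root.exe alongside cmd.exe are assumptions of the example.

```python
import re
from collections import OrderedDict
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: \S+)?" (?P<status>\d{3}) (?P<size>\S+)'
)
PROBE_NAMES = {"cmd.exe", "root.exe"}  # file names requested in the log lines above

# Lines 1-4 are from the question; line 5 is a constructed, ordinary request.
SAMPLE = """\
66.171.37.47 - - [24/Nov/2002:12:07:18 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 9236
66.171.37.47 - - [24/Nov/2002:12:07:18 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 9236
66.171.37.47 - - [24/Nov/2002:12:07:18 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 9236
66.171.37.47 - - [24/Nov/2002:12:07:18 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 9236
192.0.2.10 - - [24/Nov/2002:12:08:01 -0600] "GET /index.html HTTP/1.0" 200 5120
"""

def is_probe(target):
    """True when the requested resource (query string excluded) is cmd.exe or root.exe."""
    path = target.split("?", 1)[0]
    # Decode %-escapes once and treat backslashes as separators before taking the file name.
    path = unquote(path).replace("\\", "/").lower()
    return path.rsplit("/", 1)[-1] in PROBE_NAMES

def summarize(lines):
    """Per source host: number of probe requests, and how many were not refused."""
    hits = OrderedDict()
    for line in lines:
        m = CLF.match(line)
        if not m or not is_probe(m["target"]):
            continue
        entry = hits.setdefault(m["host"], {"probes": 0, "answered": 0})
        entry["probes"] += 1
        # Any status other than 403/404 means the server did not simply refuse
        # the request, so that line deserves a closer look.
        if m["status"] not in ("403", "404"):
            entry["answered"] += 1
    return dict(hits)

if __name__ == "__main__":
    for host, e in summarize(SAMPLE.splitlines()).items():
        print(f"{host}: {e['probes']} probe(s), {e['answered']} not refused")
```

For the log in the question, every probe comes from one host and every one was answered with 404.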