Welcome to WebmasterWorld Guest from

Forum Moderators: phranque

Message Too Old, No Replies

Has someone been trying to hack my site?

Anyone recognize this code?



8:03 pm on Feb 1, 2002 (gmt 0)

10+ Year Member

Just looked at my access logs for the month of January, and under the 404 not founds, there were a bunch of references to these URL's they were trying to access on our site.

/scripts/..../winnt/ system32/cmd.exe?/c+dir
/msadc/..%5c../..%5c../..%5c/ ..../..../..../winnt/ system32/cmd.exe?/c+dir
/_mem_bin/..%5c../..%5c../..% 5c../winnt/system32/cmd.exe?/c+ dir
/_vti_bin/..%5c../..%5c../..% 5c../winnt/system32/cmd.exe?/c+ dir
/d/winnt/system32/cmd.exe?/c+ dir

Is this someone trying to gain access to my system? What do they think they will see?



9:16 pm on Feb 1, 2002 (gmt 0)

10+ Year Member

The answer to your question is, Yes and No.

It is not any individual trying to hack your system. It looks like some variety of the "Code Red" worm, which infects and spreads from Microsoft IIS servers
that haven't been properly patched.

The giveaway is the repeated snip of code:


The worm is trying to copy the standard Windows NT/2000 command interpreter "cmd.exe" into the server's "scripts" directory, so it can execute commands on the site.

If your site is not on a Microsoft server you are probably safe. Also, Microsoft offered a patch for this months ago. I would be extremely surprised if your host had this hole and hasn't patched it yet, but it wouldn't hurt to ask them about it.

As for the 404 codes --the fact that you found the record of it under 404 means your server returned a "not found" message. IOW the worm was not getting what it wanted --a good thing!


9:51 pm on Feb 1, 2002 (gmt 0)

10+ Year Member

Actually, we are running our server on an AS/400 so there has been no problem, just thought it was interesting. This was tried several days in a row, up to 84 times per URL, so whatever was doing this was a persistant little devil.

Thanks for the info.


Featured Threads

Hot Threads This Week

Hot Threads This Month