Forum Moderators: DixonJones
www.domain1.com 195.****.xxx.xx - - [26/Jan/2004:17:32:42 -0500] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 302 - "-" "-"
www.domain2.com 195.xxx.xxx.xx - - [26/Jan/2004:17:32:42 -0500] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 302 - "-" "-"
ns1.domain.com 195.xxx.xxx.xx - - [26/Jan/2004:17:32:42 -0500] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 302 - "-" "-"
www.domain3.com 195.xxx.xxx.xx - - [26/Jan/2004:17:32:42 -0500] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 302 - "-" "-"
i'm afraid this could be an exploit, however i'm running Apache on SunCobalt and the requests seem to look for windows sys files, the response code is 302 = found.
please i'd like to know your opinions, do i have to worry? what i should do? write to their ISP for abuse?!?
Thanks in advance for your help
tito
As far as the 302 response code goes, this is the temporary redirect code (meaning the page has been temporarily moved to a new URL). Your server is probably sending a redirect to a page that you have setup for 404 errors.
Shawn
iTISTIC.com
ok, i will not inform their ISP (a greek university and a nyc institute of tech.)
strange that both requests come almost at the same time (20 min. difference about on the same day originating from 2 different ISP) am i under a cross fire?!?
i thought to ban those IPs on my server but i guess it's a waste of time, isn't it?!?
Thanks a lot for your helpful reply
tito
