1. Home
  2. Forums Index
  3. WebmasterWorld / Website Analytics - Tracking and Logging 2:08 pm May 14, 2026

Forum Moderators: DixonJones

Message Too Old, No Replies

suspicious logs

am I being hacked?

         

brokenbricks

11:39 am on Jun 8, 2005 (gmt 0)

10+ Year Member



Using Wusage to analyze some log files I see some suspicious entries like the following:

Top 100 CGI Scripts
/c/winnt/system32/cmd.exe

/scripts/..À¯../winnt/system32/cmd.exe

/msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/syst
em32/cmd.exe

/MSADC/root.exe

/scripts/root.exe

Does anyone know what this is?

Seems to me like someone is entering random strings trying to somehow get a command prompt or root access.

I am not on a Windows server though. Either way, what can I do about this?

nmattheij

11:47 am on Jun 8, 2005 (gmt 0)

10+ Year Member



It's definately a hack attempt.

We get these all the time. You can block the IP's, but they come from different IP's each time.

Maybe it's possible to block all traffic requesting EXE's, but in our case these hack-attempts aren't affecting anything. We filter them out of our reporting.

My guess is they're lame hack-attempts of people who downloaded 'hacker'-software. We DO have Windows servers and still it's useless.

dcrombie

11:47 am on Jun 8, 2005 (gmt 0)



It's an automated worm targeting Windows servers. There's not much you can do about it, but it won't affect you if you're not running Windows.

Sanenet

12:47 pm on Jun 8, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Agreed, there are a bunch of worms out there trawlling through the web looking for vul machines (remember "Code Red"?)

Even if you're running windows, keeping it up to date means that most of these worms are obsolete.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Website Analytics - Tracking and Logging 2:08 pm May 14, 2026