httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Leach" <sle...@askalix.com>
Subject Re: Straneg access log entries - hacker??
Date Wed, 10 Apr 2002 13:07:11 GMT
Hi,

Looks like Code Red or one of it's imitators - check out
http://www.cert.org/advisories/CA-2001-19.html


Best Regards,

Steve Leach
Network Manager
Mi-Int Limited
Eaglescliffe Logistics Centre
Durham Lane
Egglescliffe
URL: http://www.askalix.com
TEL: 01642 356205
e-mail: sleach@askalix.com

----- Original Message -----
From: "DownUnder Dan" <danes@image.dk>
To: <users@httpd.apache.org>
Sent: Wednesday, April 10, 2002 2:01 PM
Subject: Straneg access log entries - hacker??


HI ALL! I downloaded Apache 1.3.22 for win2k and have just installed it.
I am a read newbie at this.

I just had a look at the access log and I noticed these entries that cause
me to worry a little:
80.62.91.126 - - [10/Apr/2002:13:27:35 +0200] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 288
80.62.91.126 - - [10/Apr/2002:13:27:43 +0200] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
80.62.91.126 - - [10/Apr/2002:13:27:50 +0200] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
80.62.91.126 - - [10/Apr/2002:13:27:57 +0200] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312
80.62.91.126 - - [10/Apr/2002:13:28:05 +0200] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 329
80.62.91.126 - - [10/Apr/2002:13:28:12 +0200] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 329

A normal entry looks like this:
62.199.0.4 - - [10/Apr/2002:13:27:19 +0200] "GET /icons/blank.gif HTTP/1.1"
200 148

Can anyone shed light on this?  It someone trying to hack into my computer
or is there some explaination for these entries?

REGARDS!
Dan



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message