httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From George Gallen <ggal...@slackinc.com>
Subject RE: [users@httpd] Hacker?
Date Wed, 04 Dec 2002 14:25:20 GMT
doesn't take long for those script kiddies to find an IP
on their subnet....

If your not an unpatched IIS NT/W2k system, it won't hurt you
unless your logs fill up :) Welcome to the world of Nimda logging.
You will occaisionally see a crap load of N's, that's CodeRed.

George

>-----Original Message-----
>From: H. Carter Harris [mailto:carter-lists@technettn.net]
>Sent: Wednesday, December 04, 2002 9:12 PM
>To: users@httpd.apache.org
>Subject: [users@httpd] Hacker?
>
>
>I have a test apache system where I am trying to learn how to 
>use it.  I got
>the access_log file working and I noticed the following 
>entries in the log:
>
>66.137.7.57 - - [02/Dec/2002:19:49:26 -0500] "GET
>/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 -
>61.56.232.58 - - [02/Dec/2002:19:49:53 -0500] "HEAD / HTTP/1.0" 404 0
>208.47.206.2 - - [02/Dec/2002:22:01:40 -0500] "GET
>/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+copy+c:\winnt\
system32\cmd.
>exe+c:\inetpub\scripts\script.exe HTTP/1.1" 404 246
>207.198.31.238 - - [03/Dec/2002:00:15:16 -0500] "GET
>/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+copy+c:\winnt\
system32\cmd.
>exe+c:\inetpub\scripts\script.exe HTTP/1.1" 404 246
>195.92.95.61 - - [03/Dec/2002:05:16:21 -0500] "HEAD
>/cobalt-images/welcome2.gif HTTP/1.0" 404 0
>202.62.83.82 - - [03/Dec/2002:10:25:49 -0500] "HEAD / HTTP/1.0" 404 0
>6
>
>This installation is on a Mandrake Linux box, not NT.  Is 
>someone trying to
>hack into the system?
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>

Mime
View raw message