Message-ID: <001201c2ed31$8a03f210$1a01a8c0@vishal>
From: "System"
Reply-To: users@httpd.apache.org
Date: Tue, 18 Mar 2003 15:04:09 +0530
Subject: Re: [users@httpd] Crackers

Hello,

> This kind of thing (lots of it):
>
> 217.199.107.241 - - [17/Mar/2003:01:49:21 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 336 "-" "-"
> 217.199.107.241 - - [17/Mar/2003:01:49:21 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 334 "-" "-"

I am not sure if these are worms or viruses.

> 217.199.107.241 - - [17/Mar/2003:01:49:21 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 344 "-" "-"
> 217.199.107.241 - - [17/Mar/2003:01:49:21 +0000] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 344 "-" "-"
> 217.199.107.241 - - [17/Mar/2003:01:49:21 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 358 "-" "-"
> 217.199.107.241 - - [17/Mar/2003:01:49:21 +0000] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 375 "-" "-"
> 217.199.107.241 - - [17/Mar/2003:01:49:21 +0000] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 375 "-" "-"
> 217.199.107.241 - - [17/Mar/2003:01:49:22 +0000] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 391 "-" "-"
> 217.199.107.241 - - [17/Mar/2003:01:49:22 +0000] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 357 "-" "-"

For the above, no need to worry if you are on Linux, because these are the machines that are infected with a Windows virus called NIMDA. They are just trying to access the sites on your server. That's it.

Regards,
Tina.
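
Added example, not part of the original message: Python code that flags requests like the ones quoted above in an Apache access log and reports, per client address, how many probes were seen and whether any was answered with something other than 404. The function names, the reason labels and the 192.0.2.10 log line are assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Constructed sample: four entries from the log quoted above plus one benign
# request (192.0.2.10) added for contrast. Assumes Apache combined log format.
SAMPLE_LOG = r'''217.199.107.241 - - [17/Mar/2003:01:49:21 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 336 "-" "-"
217.199.107.241 - - [17/Mar/2003:01:49:21 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 344 "-" "-"
217.199.107.241 - - [17/Mar/2003:01:49:21 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 358 "-" "-"
217.199.107.241 - - [17/Mar/2003:01:49:22 +0000] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 357 "-" "-"
192.0.2.10 - - [17/Mar/2003:01:50:02 +0000] "GET /index.html HTTP/1.0" 200 1024 "-" "-"
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
EXE_RE = re.compile(rb'/(?:root|cmd)\.exe$', re.I)

def decode_fully(raw, max_rounds=3):
    """Percent-decode repeatedly so %255c -> %5c -> backslash is seen."""
    data = raw.encode()
    for _ in range(max_rounds):
        nxt = unquote_to_bytes(data)
        if nxt == data:
            break
        data = nxt
    return data

def probe_reasons(target):
    """Return the reasons a request target looks like one of the quoted probes."""
    path = decode_fully(target.split('?', 1)[0])
    reasons = []
    if EXE_RE.search(path):
        reasons.append('windows-shell-exe')
    if b'..\\' in path or b'../' in path:
        reasons.append('dot-dot-traversal')
    if b'\xc0' in path or b'\xc1' in path:
        reasons.append('invalid-utf8-lead-byte')  # 0xC0/0xC1 never occur in valid UTF-8
    return reasons

def summarize(log_text):
    """Per client IP: probe count and any probes not answered with 404."""
    out = defaultdict(lambda: {'probes': 0, 'non_404': []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and probe_reasons(m.group(3)):
            ip, _, target, status = m.groups()
            out[ip]['probes'] += 1
            if status != '404':
                out[ip]['non_404'].append((target, status))
    return dict(out)
```

An empty `non_404` list for an address matches the situation in the quoted log, where every probe got a 404; any entry there is a request worth looking at by hand.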