[aclug-L] Re: Hacker or ??
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
Yes, we are getting the exact same garbage clogging up our network...
-Ryan
----- Original Message -----
From: "Maverick" <mluvw47@xxxxxxxxx>
To: "ACLUG_DISCUSSION" <discussion@xxxxxxxxx>
Sent: Tuesday, September 18, 2001 12:46 PM
Subject: [aclug-L] Hacker or ??
>
> Hi, all
> Recently I check on my apache webserver access.log
> and find out a lot of entrie like this:
> 24.254.90.73 - - [18/Sep/2001:10:44:38 -0700] "GET
> /scripts/..%c0%af../winnt/sys
> tem32/cmd.exe?/c+dir HTTP/1.0" 404 231
> 24.254.90.73 - - [18/Sep/2001:10:44:39 -0700] "GET
> /scripts/..%%35%63../winnt/sy
> stem32/cmd.exe?/c+dir HTTP/1.0" 400 215
> 24.254.90.73 - - [18/Sep/2001:10:44:41 -0700] "GET
> /scripts/..%%35c../winnt/syst
> em32/cmd.exe?/c+dir HTTP/1.0" 400 215
> 24.254.90.73 - - [18/Sep/2001:10:44:43 -0700] "GET
> /scripts/..%c1%9c../winnt/sys
> tem32/cmd.exe?/c+dir HTTP/1.0" 404 231
> .....
>
> Is that someone try to access my /var/www/scripts/?
> and my error.log generate something like this..
> Tue Sep 18 10:52:27 2001] [error] [client
> 24.234.20.197] File does not exist: /
> var/www/c/winnt/system32/cmd.exe
> [Tue Sep 18 10:52:28 2001] [error] [client
> 24.234.20.197] File does not exist: /
> var/www/d/winnt/system32/cmd.exe
> ....
>
> anyone have any idea? or did I set something wrong?
> or really have a hacker knocking on my door?
>
> Thanks.
> Mav
>
> __________________________________________________
> Terrorist Attacks on U.S. - How can you help?
> Donate cash, emergency relief information
> http://dailynews.yahoo.com/fc/US/Emergency_Information/
> -- This is the discussion@xxxxxxxxx list. To unsubscribe,
> visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
>
-- This is the discussion@xxxxxxxxx list. To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
[aclug-L] Re: Hacker or ??, Maverick, 2001/09/19
[aclug-L] Re: Hacker or ??,
Ryan Hunt <=
|
|