[CLUE-Tech] Is someone trying to hack me?

Tom Poindexter tpoindex at nyx.net
Wed Nov 13 20:51:30 MST 2002


On Thu, Nov 14, 2002 at 03:26:55AM +0000, Jason S. Friedman wrote:
> What are these in my apache server logs?
> 
> 63.231.245.155 - - [13/Nov/2002:22:10:21 +0000] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
> 63.231.245.155 - - [13/Nov/2002:22:10:22 +0000] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309


Hi Jason,
I think we talked about this last night.  This appears to be some of
the many worms that infect MS IIS web servers.  You may have heard of
'CodeRed', 'Nimda', and the like.  Most of these target IIS
because of its known vulnerabilities.  Don't be fooled though, there are
attacks that target Linux, Apache, Sendmail, BIND, OpenSSH, etc.

securityfocus.com hosts the mailing list BUGTRAQ, plus has a ton of information
about various attacks against all manner of MS Windows, Linux, etc.
If you have a public facing site, you should be concerned and up-to-date on
security patches.

-- 
Tom Poindexter
tpoindex at nyx.net
http://www.nyx.net/~tpoindex/
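
[Added example, not part of the original message or of the list archive: a small log check that shows why the two quoted requests look the way they do. It decodes the request path repeatedly, the way a double-decoding server would, and flags lines whose decoded path contains a ".." segment. The function names and the third sample line are constructed for illustration.]

```python
import re
from urllib.parse import unquote

# Apache common log format; capture client host, request target and status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
# A ".." path segment delimited by either slash style.
TRAVERSAL = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

# First two lines are the ones quoted in the message; the third is constructed.
SAMPLE = [
    '63.231.245.155 - - [13/Nov/2002:22:10:21 +0000] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309',
    '63.231.245.155 - - [13/Nov/2002:22:10:22 +0000] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309',
    '192.0.2.10 - - [13/Nov/2002:22:11:00 +0000] "GET /docs/100%25-uptime.html HTTP/1.0" 200 1024',
]

def decode_fully(value, max_rounds=5):
    """Percent-decode until the text stops changing; return (text, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value, encoding="latin-1")
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def classify(line):
    """Return host, status, decoded path and reasons for one log line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    host, target, status = m.groups()
    path = target.split("?", 1)[0]          # query string is not part of the path
    decoded, rounds = decode_fully(path)
    reasons = []
    if TRAVERSAL.search(decoded):
        reasons.append("traversal")
    if rounds > 1:                          # %25xx hides a second layer of encoding
        reasons.append("multi-encoded")
    if decoded.lower().endswith("cmd.exe"):
        reasons.append("cmd.exe")
    return {"host": host, "status": int(status), "decoded": decoded, "reasons": reasons}

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```

[Both quoted requests decode in two rounds to a path with ".." segments ending in cmd.exe; the 404 status in the log shows this Apache server had nothing at that path.]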


