RE: [cobalt-users] Extensive Hack Attack - Was C drive hack
- Subject: RE: [cobalt-users] Extensive Hack Attack - Was C drive hack
- From: "Paul Alcock" <webmgr@xxxxxxxxxxxxxxxxxx>
- Date: Tue Sep 18 00:11:26 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> I am getting a lot of these logged on every IP routed to my
> machine that has
> a site.
>
> www.site.com 216.234.235.118 - - [18/Sep/2001:06:49:52 -0700] "GET
> /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
>
> www.site.com 216.234.199.92 - - [18/Sep/2001:06:51:19 -0700] "GET
> /MSADC/root.exe?/c+dir HTTP/1.0" 302 231 "-" "-"
>
> www.adifferentsite.com 66.12.10.51 - - [18/Sep/2001:06:51:16 -0700] "GET
> /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302
> 254 "-" "-"
Ditto, the frequency is much worse than Code Red or Code Red II.
I'm guessing that I'm logging more than 100 per minute.
Major pain. Any way to detect the origin or at least a waypoint?
--sig
Paul Alcock
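
The second field of each quoted log line is the address of the connecting host, so the requests can be tallied per client IP and per minute straight from the access log. The sketch below is an added example, not part of the original message; the function name `summarize` and the last three sample lines (documentation-range addresses) are constructed, and the first three lines are the quoted entries with their mail wrapping undone.

```python
import re
from collections import Counter

# Access-log layout seen in the quoted lines: vhost, client IP, two "-" fields,
# [timestamp], "request", status, size.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)(?: \S+)?" (?P<status>\d{3}) (?P<size>\S+)'
)
# Requests for cmd.exe or root.exe, as in the quoted entries.
PROBE_RE = re.compile(r'/(?:cmd|root)\.exe(?:\?|$)', re.IGNORECASE)

# First three lines: from the quoted message. Last three: constructed.
SAMPLE_LOG = '''
www.site.com 216.234.235.118 - - [18/Sep/2001:06:49:52 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
www.site.com 216.234.199.92 - - [18/Sep/2001:06:51:19 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 231 "-" "-"
www.adifferentsite.com 66.12.10.51 - - [18/Sep/2001:06:51:16 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 254 "-" "-"
www.site.com 192.0.2.10 - - [18/Sep/2001:06:51:40 -0700] "GET /index.html HTTP/1.0" 200 1043 "-" "-"
www.site.com 192.0.2.77 - - [18/Sep/2001:06:51:41 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 231 "-" "-"
www.site.com 192.0.2.77 - - [18/Sep/2001:06:51:43 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 231 "-" "-"
'''


def summarize(log_text):
    """Return (probes per client IP, probes per minute) as two Counters."""
    by_src, by_minute = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not PROBE_RE.search(m.group("uri")):
            continue  # unparsable line or ordinary request
        by_src[m.group("src")] += 1
        # "18/Sep/2001:06:49:52 -0700" -> "18/Sep/2001:06:49"
        by_minute[m.group("ts")[:17]] += 1
    return by_src, by_minute


if __name__ == "__main__":
    sources, minutes = summarize(SAMPLE_LOG)
    for ip, n in sources.most_common():
        print(f"{n:5d}  {ip}")
    for minute, n in sorted(minutes.items()):
        print(f"{minute}  {n} probes")
```

The address in the log is only the host that opened the connection, so it identifies the immediate sender of each request and nothing further upstream.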