[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Weird Access Log entries

Subject: RE: [cobalt-users] Weird Access Log entries
From: "Phil Beynon" <phil@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue Oct 14 06:01:02 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

John
Its a virus probe from a server (still) infected with either code red or
nimda - can't recall which one. Just ignore it, it's a MS server thing.

Phil

** http://www.diygear.com THE Online DIY Toolstore For DIY & Business
** Infolink Electronic Systems Ltd. http://www.infolinkelectronics.co.uk
** Professional Web Design & Cobalt Hosting Solutions
** Sun Cobalt iForce Reseller - Canon Silver Reseller
** Contact: Sales@xxxxxxxxxxxxxxxxxxxxxxxxx
** Tel / Fax 0121 458 4894 (office) 0121 441 3558 (home)


> I am getting a few of these in my access logs in one of my
> Raq550s.  Does anyone
> know what this means?
>
> ns1.jmgenterprises.com 12.248.198.33 - - [14/Oct/2003:03:19:15 -0500] "GET
> /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 241 "-" "-"
> ns1.jmgenterprises.com 12.248.198.33 - - [14/Oct/2003:03:19:15 -0500] "GET
> /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 241 "-" "-"
> ns1.jmgenterprises.com 12.248.198.33 - - [14/Oct/2003:03:19:16 -0500] "GET
> /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302
> 258 "-" "-"
>
> John
>

Follow-Ups:
- Re: [cobalt-users] Weird Access Log entries
  - From: John D Gorena

References:
- [cobalt-users] Weird Access Log entries
  - From: John D Gorena

Prev by Date: [cobalt-users] Weird Access Log entries
Next by Date: RE: [cobalt-users] livesupport ASP scripts bombs - need help
Previous by thread: [cobalt-users] Weird Access Log entries
Next by thread: Re: [cobalt-users] Weird Access Log entries

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index