Paul Sumner wrote: >In my raw logs I find several entries, such as: > >/scripts/root.exe?/c+dir >/MSADC/root.exe?/c+dir >/c/winnt/system32/comd.exe?/c+dir >/d/winnt/system32/comd.exe?/c+dir >/scripts/..%255c.../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir >
Yes they are worms, virii or whatever. If you are not running Windows then you are absolutely safe from these attacks. If you are then you have to look at the response codes. Are they failure codes such as 404, then you are ok. If they are 200s then you have been hacked. Also look out for link strings of NNNNNNNNNNNNNNNNN or XXXXXXXXXXXXXXXXXXX. Make sure your server is patched up to date. +------------------------------------------------------------------------ | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to | http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at | http://www.mail-archive.com/[email protected]/ | http://lists.isite.net/listgate/analog-help/archives/ | http://www.tallylist.com/archives/index.cfm/mlist.7 +------------------------------------------------------------------------
