Hi everyone I have to administer our small company network in my spare time which hopefully explains my little security knowledge... I have just come across a scary entry in our Windows 2000 Server Internet Information Services 5.0 log:
2002-01-17 10:52:31 62.161.107.167 - 10.10.1.1 80 GET /scripts/root.exe /c+dir 403 www - 2002-01-17 10:52:46 62.161.107.167 - 10.10.1.1 80 GET /MSADC/root.exe /c+dir 403 www - 2002-01-17 10:52:54 62.161.107.167 - 10.10.1.1 80 GET /c/winnt/system32/cmd.exe /c+dir 403 www - 2002-01-17 10:53:03 62.161.107.167 - 10.10.1.1 80 GET /d/winnt/system32/cmd.exe /c+dir 403 www - 2002-01-17 10:53:18 62.161.107.167 - 10.10.1.1 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 403 www - Is someone currently executing terrible things on our server? I would be very greatfull for any quick help and/or explanation! Thanks a lot and best wishes to everyone Marc Suxdorf Studios f�r Design Milchstrasse 6b D-20148 Hamburg Tel +49 (40) 41345-100 Fax +49 (40) 41345-101 Email [EMAIL PROTECTED]
