Here are some webstats from one of our customers webservers. As you can see we often get this happenning as some people out there really should put their computer back in the box and take it back to the shop for a refund as they are too stupid to install av products. I am not worried about these hits and nor is the isp as they can do no damage ( only knock off bandwidth)
Cheers PS This server has only been running 2 weeks so it will be interesting what other rubbish hits it in the future Bad URLs This report lists the requests that generated 404 Not Found error messages (because the requested files didn't exist). Summary: This report shows the top 10 bad URLs requested. 25 distinct bad URLs were found. Quantity % of Total Item 180 2.76% /winnt/system32/cmd.exe?/c+dir 96 1.47% /scripts/root.exe?/c+dir 96 1.47% /MSADC/root.exe?/c+dir 95 1.46% /c/winnt/system32/cmd.exe?/c+dir 92 1.41% /d/winnt/system32/cmd.exe?/c+dir 90 1.38% /scripts/winnt/system32/cmd.exe?/c+dir 90 1.38% /msadc/..%5c../..%5c../..%5c/..� ../..� ../..� ../winnt/system32/cmd.exe ?/c+dir 90 1.38% /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir 20 0.31% /robots.txt 4 0.06% /favicon.ico Anthony Kimber Consultant, ARL Computer Consultants Ltd Web : http://www.arl-consultants.co.uk Phone : 0191 536 5115 Fax: : 0191 536 5115 Mobile : 07798 848034 -----Original Message----- From: Marc Suxdorf [mailto:[EMAIL PROTECTED]] Sent: 17 January 2002 16:09 To: [EMAIL PROTECTED] Subject: [gb-users] Not Gnatbox but security related Hi everyone I have to administer our small company network in my spare time which hopefully explains my little security knowledge... I have just come across a scary entry in our Windows 2000 Server Internet Information Services 5.0 log: 2002-01-17 10:52:31 62.161.107.167 - 10.10.1.1 80 GET /scripts/root.exe /c+dir 403 www - 2002-01-17 10:52:46 62.161.107.167 - 10.10.1.1 80 GET /MSADC/root.exe /c+dir 403 www - 2002-01-17 10:52:54 62.161.107.167 - 10.10.1.1 80 GET /c/winnt/system32/cmd.exe /c+dir 403 www - 2002-01-17 10:53:03 62.161.107.167 - 10.10.1.1 80 GET /d/winnt/system32/cmd.exe /c+dir 403 www - 2002-01-17 10:53:18 62.161.107.167 - 10.10.1.1 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 403 www - Is someone currently executing terrible things on our server? I would be very greatfull for any quick help and/or explanation! Thanks a lot and best wishes to everyone Marc Suxdorf Studios f�r Design Milchstrasse 6b D-20148 Hamburg Tel +49 (40) 41345-100 Fax +49 (40) 41345-101 Email [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
