Date:      Fri, 22 Feb 2002 10:39:50 -0500
From:      Daniel Frazier <dfrazier@magpage.com>
To:        Jim Freeze <jfreeze@freebsdportal.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Script Kiddies Trying to Hack Me?
Message-ID:  <3C766646.3060700@magpage.com>
References:  <20020222102602.A14033@freebsdportal.com>

Jim Freeze wrote:

> Hi:
> 
> I was just browsing my log files on a site/ip address that has
> been live less than 12 hrs and came across:
> 
> 63.219.136.226 - - [22/Feb/2002:09:29:18 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 285  
> 63.219.136.226 - - [22/Feb/2002:09:29:18 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 283  
> 63.219.136.226 - - [22/Feb/2002:09:29:19 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293
> 63.219.136.226 - - [22/Feb/2002:09:29:19 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293
> 63.219.136.226 - - [22/Feb/2002:09:29:19 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307
> 
> This looks like someone trying to get access to an NT system command,
> and my guess is that they are up to no good.
> Is this a fair assumption? I would guess that this is fairly
> common and that these guys are scanning new machines all the time.
> 
> Makes me want to be sure that I get a firewall up before I put
> a machine on the net.
> 

63.219.136.226 is a Winblows ME box and is infected with a virus/worm
that's trying to propagate itself.  Not to worry...


-- 
----------------------------------------------------------------------
Daniel Frazier  <dfrazier@magpage.com>   Tel:  302-239-5900 Ext. 231
Systems Administrator                    Fax:  302-239-3909
MAGPAGE, We Power the Internet           WWW:  http://www.magpage.com/

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
         - Benjamin Franklin, Historical Review of Pennsylvania, 1759.
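
The log triage discussed in this thread, as an added example that is not part of either e-mail: it parses Apache common-log lines, flags requests for Windows command interpreters and double-encoded directory traversal, and reports per source host whether any flagged request received a non-error reply. The function names are hypothetical, and the sample holds the five quoted requests (wrapped line rejoined) plus one constructed benign line.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache common log format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+')
WIN_SHELL = re.compile(r'(?:^|[/\\])(?:root|cmd)\.exe$', re.I)  # names seen in the quoted log
TRAVERSAL = re.compile(r'\.\.[/\\]')

def fully_decode(s, rounds=3):
    """Percent-decode repeatedly so %255c -> %5c -> backslash is exposed."""
    for _ in range(rounds):
        s, prev = unquote(s), s
        if s == prev:
            break
    return s

def classify(line):
    """Return (host, status, reasons) for one CLF line, or None if it does not parse."""
    if not (m := CLF.match(line)):
        return None
    host, target, status = m.groups()
    path = fully_decode(target.split('?', 1)[0])
    reasons = []
    if WIN_SHELL.search(path):
        reasons.append('windows-shell')
    if TRAVERSAL.search(path):
        reasons.append('traversal')
    if unquote(target) != fully_decode(target):
        reasons.append('double-encoded')
    return host, int(status), reasons

def summarize(lines):
    """Per host: (flagged requests, flagged requests answered with a status below 400)."""
    probes, served = Counter(), Counter()
    for host, status, reasons in filter(None, map(classify, lines)):
        if reasons:
            probes[host] += 1
            served[host] += status < 400
    return {h: (probes[h], served[h]) for h in probes}

SAMPLE = [  # five requests from the quoted log, then one constructed benign request
    '63.219.136.226 - - [22/Feb/2002:09:29:18 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 285',
    '63.219.136.226 - - [22/Feb/2002:09:29:18 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 283',
    '63.219.136.226 - - [22/Feb/2002:09:29:19 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293',
    '63.219.136.226 - - [22/Feb/2002:09:29:19 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293',
    '63.219.136.226 - - [22/Feb/2002:09:29:19 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307',
    '192.0.2.10 - - [22/Feb/2002:09:30:00 -0500] "GET /index.html HTTP/1.0" 200 1024',
]
```

Calling `summarize(SAMPLE)` reports five flagged requests from 63.219.136.226 and none answered with a status below 400, which matches the 404 responses in the quoted log.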


