On Friday 21 June 2002 03:57, Phillip Morgan wrote:
> Hi,
>
> It looks like someone is trying to break into my system. This is out of my
> apache error log...
>
> >61.243.140.78 - - [21/Jun/2002:13:58:29 +1000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 -
> >61.243.140.78 - - [21/Jun/2002:13:58:30 +1000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
> >61.243.140.78 - - [21/Jun/2002:13:58:31 +1000] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
> >61.243.140.78 - - [21/Jun/2002:13:58:32 +1000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
> >61.243.140.78 - - [21/Jun/2002:13:58:33 +1000] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
> >61.243.140.78 - - [21/Jun/2002:13:58:34 +1000] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
> >61.243.140.78 - - [21/Jun/2002:13:58:36 +1000] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
> >61.243.140.78 - - [21/Jun/2002:13:58:29 +1000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 -
> >61.243.140.78 - - [21/Jun/2002:13:58:30 +1000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
> >61.243.140.78 - - [21/Jun/2002:13:58:31 +1000] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
> >61.243.140.78 - - [21/Jun/2002:13:58:32 +1000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
> >61.243.140.78 - - [21/Jun/2002:13:58:33 +1000] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
>
> Is there any way I can block this nasty person?

Depends on which kernel you use; with a 2.2.x kernel one can use:

    /sbin/ipchains -A input -j REJECT -s 61.243.140.78

> Who should I report this to?

No idea, all the IP#'s shown with traceroute are unresolvable so who knows who he actually is; the last resolvable ip# with traceroute was linx01.hkt.net but that's 5 hops before 61.243.140.78.

> Regards,
>
> Phillip Morgan
> Chief Information Officer
> Quickpages Business Directories

--
Regards Richard
[EMAIL PROTECTED]
http://people.zeelandnet.nl/pa3gcu/

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs
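
Finding sources like the one in this thread automatically, as an added example that is not part of the original messages: it parses Apache common-log lines, undoes nested percent-encoding such as `%255c`, counts probe requests per source address, and builds the ipchains command from the reply above for each address that passes validation. The sample lines, documentation addresses, threshold and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# Apache common log format: host ident user [time] "METHOD path proto" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} \S+$')
# Request shapes from the quoted log: Windows shell binaries and "..\" or "../" traversal
PROBE_RE = re.compile(r'(cmd|root)\.exe|\.\.[\\/]', re.IGNORECASE)

def fully_decode(path, max_rounds=5):
    """Undo nested percent-encoding (%255c -> %5c -> backslash)."""
    for _ in range(max_rounds):
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:
            break
        path = decoded
    return path

def find_scanners(lines, threshold=3):
    """Return {ip: probe_count} for sources with at least `threshold` probes."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and PROBE_RE.search(fully_decode(m.group(2))):
            hits[m.group(1)] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

def reject_rules(scanners):
    """Build the ipchains command from the reply, only for valid IP literals."""
    rules = []
    for ip in sorted(scanners):
        try:
            ipaddress.ip_address(ip)  # never pass unvalidated log text to a shell
        except ValueError:
            continue
        rules.append(f"/sbin/ipchains -A input -j REJECT -s {ip}")
    return rules

# Constructed sample lines (documentation addresses), shaped like the quoted log
SAMPLE = [
    '203.0.113.7 - - [21/Jun/2002:13:58:29 +1000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 -',
    '203.0.113.7 - - [21/Jun/2002:13:58:32 +1000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -',
    '203.0.113.7 - - [21/Jun/2002:13:58:33 +1000] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -',
    '198.51.100.9 - - [21/Jun/2002:13:59:01 +1000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -',
    '192.0.2.10 - - [21/Jun/2002:13:59:02 +1000] "GET /index.html HTTP/1.0" 200 1043',
]
if __name__ == "__main__":
    print("\n".join(reject_rules(find_scanners(SAMPLE))))
```

The generated commands are only returned as strings for review; as in the reply, the ipchains syntax applies to 2.2.x kernels.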