-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

These are things you should not worry about. Most webserver admins see them daily and they make up most of the error logs. Just a host scanning for known IIS bugs or an infected (nimda?) webserver trying to affect others. If you applied the security patches you should have nothing to worry about.

If you want to help to prevent these attacks, parse out all the IPs and resolve them or check on port 80 to see if it is a webserver (not sure, for non-webserver machines infected with nimda, if nimda opens a port 80 server) and inform the web admin about it. You could send the ISP of the rest of the IPs a complaint, but history proves these complaints quickly find their way into the recycle bin.

Philip Wagenaar

- -----Original Message-----
From: Ryan Ratkiewicz [mailto:[EMAIL PROTECTED]]
Sent: Thursday 15 November 2001 19:18
To: [EMAIL PROTECTED]
Subject: IIS Hack Attempt

Can someone help me decipher this?

11:30:48 207.217.205.149 GET /scripts/root.exe 404
11:30:48 207.217.205.149 GET /MSADC/root.exe 404
11:30:49 207.217.205.149 GET /c/winnt/system32/cmd.exe 404
11:30:49 207.217.205.149 GET /d/winnt/system32/cmd.exe 404
11:30:49 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500
11:30:49 207.217.205.149 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
11:30:50 207.217.205.149 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
11:30:50 207.217.205.149 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe 500
11:30:50 207.217.205.149 GET /scripts/..Á../winnt/system32/cmd.exe 500
11:30:50 207.217.205.149 GET /scripts/winnt/system32/cmd.exe 404
11:30:51 207.217.205.149 GET /winnt/system32/cmd.exe 404
11:30:51 207.217.205.149 GET /winnt/system32/cmd.exe 404
11:30:51 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500
11:30:51 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500
11:30:52 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500
11:30:52 207.217.205.149 GET /scripts/..%2f../winnt/system32/cmd.exe 500

Thanks.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3

iQA/AwUBO/h9984JcipDIO8UEQI/nQCgl0pKa2hPtRQap/QV8/zdIREwrt4AmwXt
aWynbb1FreyGBm2lvWg80HIp
=bYSQ
-----END PGP SIGNATURE-----
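
The triage the reply describes (parsing the scanning IPs out of the log), as an added example that is not part of the original thread. The log layout is taken from the quoted lines; the 192.0.2.x entries, the category names and the rule that any status other than 4xx/5xx deserves a look are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample: four lines in the quoted log's format plus two invented 192.0.2.x entries.
SAMPLE_LOG = """\
11:30:48 207.217.205.149 GET /scripts/root.exe 404
11:30:49 207.217.205.149 GET /c/winnt/system32/cmd.exe 404
11:30:49 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500
11:30:52 207.217.205.149 GET /scripts/..%2f../winnt/system32/cmd.exe 500
11:31:07 192.0.2.10 GET /default.htm 200
11:31:09 192.0.2.77 GET /scripts/..%5c../winnt/system32/cmd.exe 200
"""

# time, client IP, method, path, status (layout assumed from the quoted lines)
LINE = re.compile(r"^(\d\d:\d\d:\d\d) (\S+) (\S+) (\S+) (\d{3})$")

def classify(path):
    """Return a probe category for a request path, or None for ordinary traffic."""
    p = path.split("?", 1)[0]
    for _ in range(3):                      # undo nested percent-encoding
        decoded = unquote(p)
        if decoded == p:
            break
        p = decoded
    p = p.replace("\\", "/").lower()        # IIS treats backslash as a separator
    name = p.rsplit("/", 1)[-1]
    if name not in ("cmd.exe", "root.exe"):
        return None
    if "../" in p:
        return "traversal"
    return "root.exe probe" if name == "root.exe" else "direct cmd.exe"

def summarize(log_text):
    """Group probe requests by source IP; 'served' lists probes not answered 4xx/5xx."""
    report = defaultdict(lambda: {"probes": 0, "kinds": set(), "served": []})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        _, ip, _, path, status = m.groups()
        kind = classify(path)
        if kind is None:
            continue
        entry = report[ip]
        entry["probes"] += 1
        entry["kinds"].add(kind)
        if not status.startswith(("4", "5")):
            entry["served"].append(path)    # server did not reject it: investigate
    return dict(report)

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info["probes"], sorted(info["kinds"]), "SERVED:", info["served"])
```

An empty `served` list for an IP matches the situation in the reply: the probes were rejected and the address is only worth reporting to its admin or ISP.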