Hi,
tonight, somebody had tried hack our Tomcat 3.2.3 in win2000.
Here is the log:
2001-12-13 01:18:35 - Ctx( ): 404 R( + /scripts/root.exe + null) null
2001-12-13 01:18:36 - Ctx( ): 404 R( + /MSADC/root.exe + null) null
2001-12-13 01:18:42 - Ctx( ): 404 R( + /c/winnt/system32/cmd.exe + null)
null
2001-12-13 01:18:46 - Ctx( ): 404 R( + /d/winnt/system32/cmd.exe + null)
null
2001-12-13 01:18:47 - Ctx( ): 404 R(
/scripts/..%255c../winnt/system32/cmd.exe)
null
2001-12-13 01:18:50 - Ctx( ): 404 R(
/_vti_bin/..%255c../..%255c../..%255c../wi
nnt/system32/cmd.exe) null
2001-12-13 01:18:51 - Ctx( ): 404 R(
/_mem_bin/..%255c../..%255c../..%255c../wi
nnt/system32/cmd.exe) null
2001-12-13 01:19:00 - Ctx( ): 404 R(
/msadc/..%255c../..%255c../..%255c/..%c1%1
c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe) null
2001-12-13 01:19:00 - Ctx( ): 404 R( +
/scripts/..??../winnt/system32/cmd.exe
+ null) null
2001-12-13 01:19:01 - Ctx( ): 404 R(
/scripts/..%c0%2f../winnt/system32/cmd.exe
) null
2001-12-13 01:19:31 - ContextManager: SocketException reading request,
ignored -
java.net.SocketException: Connection reset by peer: JVM_recv in socket
input st
ream read
at java.net.SocketInputStream.socketRead(Native Method)
at java.net.SocketInputStream.read(Unknown Source)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at
org.apache.tomcat.service.http.HttpRequestAdapter.doRead(HttpRequestA
dapter.java:115)
at
org.apache.tomcat.core.BufferedServletInputStream.doRead(BufferedServ
letInputStream.java:106)
at
org.apache.tomcat.core.BufferedServletInputStream.read(BufferedServle
tInputStream.java:128)
at
javax.servlet.ServletInputStream.readLine(ServletInputStream.java:138
)
at
org.apache.tomcat.service.http.HttpRequestAdapter.readNextRequest(Htt
pRequestAdapter.java:129)
at
org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
n(HttpConnectionHandler.java:198)
at
org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
416)
at
org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
:501)
at java.lang.Thread.run(Unknown Source)
2001-12-13 01:50:41 - Ctx( ): 404 R( + /scripts/root.exe + null) null
2001-12-13 01:50:41 - Ctx( ): 404 R( + /MSADC/root.exe + null) null
2001-12-13 01:51:09 - ContextManager: SocketException reading request,
ignored -
java.net.SocketException: Connection reset by peer: JVM_recv in socket
input st
ream read
at java.net.SocketInputStream.socketRead(Native Method)
at java.net.SocketInputStream.read(Unknown Source)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at
org.apache.tomcat.service.http.HttpRequestAdapter.doRead(HttpRequestA
dapter.java:115)
at
org.apache.tomcat.core.BufferedServletInputStream.doRead(BufferedServ
letInputStream.java:106)
at
org.apache.tomcat.core.BufferedServletInputStream.read(BufferedServle
tInputStream.java:128)
at
javax.servlet.ServletInputStream.readLine(ServletInputStream.java:138
)
at
org.apache.tomcat.service.http.HttpRequestAdapter.readNextRequest(Htt
pRequestAdapter.java:129)
at
org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
n(HttpConnectionHandler.java:198)
at
org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
416)
at
org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
:501)
at java.lang.Thread.run(Unknown Source)
2001-12-13 06:08:24 - Ctx( ): 404 R( + /scripts/root.exe + null) null
2001-12-13 06:08:24 - Ctx( ): 404 R( + /MSADC/root.exe + null) null
2001-12-13 06:08:25 - Ctx( ): 404 R( + /c/winnt/system32/cmd.exe + null)
null
2001-12-13 06:08:25 - Ctx( ): 404 R( + /d/winnt/system32/cmd.exe + null)
null
2001-12-13 06:08:25 - Ctx( ): 404 R(
/scripts/..%255c../winnt/system32/cmd.exe)
null
2001-12-13 06:08:25 - Ctx( ): 404 R(
/_vti_bin/..%255c../..%255c../..%255c../wi
nnt/system32/cmd.exe) null
2001-12-13 06:08:26 - Ctx( ): 404 R(
/_mem_bin/..%255c../..%255c../..%255c../wi
nnt/system32/cmd.exe) null
2001-12-13 06:08:26 - Ctx( ): 404 R(
/msadc/..%255c../..%255c../..%255c/..%c1%1
c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe) null
2001-12-13 06:08:26 - Ctx( ): 404 R( +
/scripts/..??../winnt/system32/cmd.exe
+ null) null
2001-12-13 06:08:26 - Ctx( ): 404 R(
/scripts/..%c0%2f../winnt/system32/cmd.exe
) null
2001-12-13 06:08:26 - Ctx( ): 404 R( +
/scripts/..?»../winnt/system32/cmd.exe
+ null) null
2001-12-13 06:08:27 - Ctx( ): 404 R( +
/scripts/..??../winnt/system32/cmd.exe
+ null) null
2001-12-13 06:08:27 - ContextManager: RequestImpl.setServletPath: Unable to
deco
de servlet path, using encoded version. path =
/scripts/..%%35%63../winnt/syste
m32/cmd.exe
2001-12-13 06:08:27 - Ctx( ): 404 R( +
/scripts/..%%35%63../winnt/system32/cmd
.exe + null) null
2001-12-13 06:08:27 - ContextManager: RequestImpl.setServletPath: Unable to
deco
de servlet path, using encoded version. path =
/scripts/..%%35c../winnt/system3
2/cmd.exe
2001-12-13 06:08:27 - Ctx( ): 404 R( +
/scripts/..%%35c../winnt/system32/cmd.e
xe + null) null
2001-12-13 06:08:28 - Ctx( ): 404 R(
/scripts/..%25%35%63../winnt/system32/cmd.exe) null
2001-12-13 06:08:28 - Ctx( ): 404 R(
/scripts/..%252f../winnt/system32/cmd.exe)
null
2001-12-13 06:18:21 - Ctx( ): 404 R( + /scripts/root.exe + null) null
2001-12-13 06:18:22 - Ctx( ): 404 R( + /MSADC/root.exe + null) null
2001-12-13 06:26:40 - Ctx( ): 404 R( + /scripts/root.exe + null) null
2001-12-13 06:26:52 - Ctx( ): 404 R( + /MSADC/root.exe + null) null
2001-12-13 06:27:01 - ContextManager: SocketException reading request,
ignored -
java.net.SocketException: Connection reset by peer: JVM_recv in socket
input st
ream read
at java.net.SocketInputStream.socketRead(Native Method)
at java.net.SocketInputStream.read(Unknown Source)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at
org.apache.tomcat.service.http.HttpRequestAdapter.doRead(HttpRequestA
dapter.java:115)
at
org.apache.tomcat.core.BufferedServletInputStream.doRead(BufferedServ
letInputStream.java:106)
at
org.apache.tomcat.core.BufferedServletInputStream.read(BufferedServle
tInputStream.java:128)
at
javax.servlet.ServletInputStream.readLine(ServletInputStream.java:138
)
at
org.apache.tomcat.service.http.HttpRequestAdapter.readNextRequest(Htt
pRequestAdapter.java:129)
at
org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
n(HttpConnectionHandler.java:198)
at
org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
416)
at
org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
:501)
at java.lang.Thread.run(Unknown Source)
Is it something serious or they had tried run NIMDA virus files or something
like that?
What do you think?
Best regards,
Jenya Strokin
-------------------------------------------------
Only a young and very healthy cretin can believe,
as if the world is an objective reality
not dependent on our consciousness.
--------------------------------------------------
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
