[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] log entries - is someone trying to hack me?
Hi Joseph! This is indeed a hack attempt, but it's likely to origin from Nimda-infected machines. We can still see quite some amounts of these scans on the net. Lars > -----Original Message----- > From: Joseph LeMay [mailto:[email protected]] > Sent: Monday, February 10, 2003 23:35 > To: [email protected] > Subject: [FW-1] log entries - is someone trying to hack me? > > > These are some entries from my web server log (it's a domino server). > there's more, but I don't want to make the post too long. > is this a hack attempt? > > Joseph LeMay > [email protected] > > ----- Forwarded by Joseph LeMay/Emrose on 02/10/2003 05:31 PM ----- > Date: 02/10/2003 12:49:57 PM > User Address: 208.164.178.29 > Authenticated User: - > Status: 404 > Content Length: 200 > Content Type: text/html > Request: GET /scripts/root.exe?/c+dir HTTP/1.0 > Browser Used: > Error: > Referring URL: > Server Address: www > Elapse Time (ms): 16 > ----- Forwarded by Joseph LeMay/Emrose on 02/10/2003 05:31 PM ----- > Date: 02/10/2003 12:50:04 PM > User Address: 208.164.178.29 > Authenticated User: - > Status: 404 > Content Length: 200 > Content Type: text/html > Request: GET /MSADC/root.exe?/c+dir HTTP/1.0 > Browser Used: > Error: > Referring URL: > Server Address: www > Elapse Time (ms): 141 > ----- Forwarded by Joseph LeMay/Emrose on 02/10/2003 05:31 PM ----- > Date: 02/10/2003 12:50:08 PM > User Address: 208.164.178.29 > Authenticated User: - > Status: 404 > Content Length: 200 > Content Type: text/html > Request: GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0 > Browser Used: > Error: > Referring URL: > Server Address: www > Elapse Time (ms): 16 > ----- Forwarded by Joseph LeMay/Emrose on 02/10/2003 05:31 PM ----- > Date: 02/10/2003 12:50:14 PM > User Address: 208.164.178.29 > Authenticated User: - > Status: 404 > Content Length: 200 > Content Type: text/html > Request: GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0 > Browser Used: > Error: > Referring URL: > Server Address: www > Elapse Time (ms): 0 > ----- Forwarded by Joseph LeMay/Emrose on 02/10/2003 05:31 PM ----- > Date: 02/10/2003 12:50:22 PM > User Address: 208.164.178.29 > Authenticated User: - > Status: 404 > Content Length: 200 > Content Type: text/html > Request: GET > /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0 > Browser Used: > Error: > Referring URL: > Server Address: www > Elapse Time (ms): 16 > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|