Re: [users@httpd] Hacker?

[stephane <st...@parenton.com>]

---- Original Message -----
From: "H. Carter Harris" <ca...@technettn.net>
To: <us...@httpd.apache.org>
Sent: Thursday, December 05, 2002 3:11 AM
Subject: [users@httpd] Hacker?


> I have a test apache system where I am trying to learn how to use it.  I
got
> the access_log file working and I noticed the following entries in the
log:
>
> 66.137.7.57 - - [02/Dec/2002:19:49:26 -0500] "GET
> /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 -
> 61.56.232.58 - - [02/Dec/2002:19:49:53 -0500] "HEAD / HTTP/1.0" 404 0
> 208.47.206.2 - - [02/Dec/2002:22:01:40 -0500] "GET
>
/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+copy+c:\winnt\system32\cmd.
> exe+c:\inetpub\scripts\script.exe HTTP/1.1" 404 246
> 207.198.31.238 - - [03/Dec/2002:00:15:16 -0500] "GET
>
/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+copy+c:\winnt\system32\cmd.
> exe+c:\inetpub\scripts\script.exe HTTP/1.1" 404 246
> 195.92.95.61 - - [03/Dec/2002:05:16:21 -0500] "HEAD
> /cobalt-images/welcome2.gif HTTP/1.0" 404 0
> 202.62.83.82 - - [03/Dec/2002:10:25:49 -0500] "HEAD / HTTP/1.0" 404 0
> 6
>
> This installation is on a Mandrake Linux box, not NT.  Is someone trying
to
> hack into the system?

this is a common try, I guess, of someone that does not know what he aims
at.... he tries to reach the cmd.exe (the windows shell) regardless of what
platform he attacks... once in a while, he could ge a windows box....

You can say it's an attack.... I don't know if there is a trap to these
attemps (sort of cmd.exe shell script that could trace the guy...)

Stephane



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org