Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

what does this IIS log tell me...

Posted on 2001-06-06
4
Medium Priority
?
1,673 Views
Last Modified: 2008-02-07
The following entries are found in my IIS log file. Please tell me what does it mean. (NT4 + IIS4) Thanks,

2001-05-19 08:27:14 202.64.252.67 - W3SVC3 SDC1M004 10.2.2.254 GET /scripts/../../winnt/system32/cmd.exe /c+dir 404 3 604 85 150 80 HTTP/1.0 - - -
2001-05-19 08:27:14 202.64.252.67 - W3SVC3 SDC1M004 10.2.2.254 GET /scripts/..\../winnt/system32/cmd.exe /c+dir 404 3 604 85 160 80 HTTP/1.0 - - -
2001-05-19 08:27:15 202.64.252.67 - W3SVC3 SDC1M004 10.2.2.254 GET /scripts/..\../winnt/system32/cmd.exe /c+dir 404 3 604 85 160 80 HTTP/1.0 - - -
2001-05-19 08:27:15 202.64.252.67 - W3SVC3 SDC1M004 10.2.2.254 GET /scripts/../../winnt/system32/cmd.exe /c+dir 404 3 604 85 160 80 HTTP/1.0 - - -
2001-05-19 08:27:16 202.64.252.67 - W3SVC3 SDC1M004 10.2.2.254 GET /scripts/../../winnt/system32/cmd.exe /c+dir 404 3 604 85 150 80 HTTP/1.0 - - -
2001-05-19 08:27:16 202.64.252.67 - W3SVC3 SDC1M004 10.2.2.254 GET /scripts/..\../winnt/system32/cmd.exe /c+dir 404 3 604 85 160 80 HTTP/1.0 - - -
2001-05-19 08:27:18 202.64.252.67 - W3SVC3 SDC1M004 10.2.2.254 GET /scripts/..A../winnt/system32/cmd.exe /c+dir 404 3 604 85 160 80 HTTP/1.0 - - -
2001-05-19 08:27:18 202.64.252.67 - W3SVC3 SDC1M004 10.2.2.254 GET /scripts/..\../winnt/system32/cmd.exe /c+dir 404 3 604 85 160 80 HTTP/1.0 - - -
2001-05-19 08:27:19 202.64.252.67 - W3SVC3 SDC1M004 10.2.2.254 GET /scripts/..o../winnt/system32/cmd.exe /c+dir 404 3 604 85 160 80 HTTP/1.0 - - -
2001-05-19 08:27:19 202.64.252.67 - W3SVC3 SDC1M004 10.2.2.254 GET /scripts/../../winnt/system32/cmd.exe /c+dir 404 3 604 88 140 80 HTTP/1.0 - - -
2001-05-19 08:27:21 202.64.252.67 - W3SVC3 SDC1M004 10.2.2.254 GET /scripts/..????../winnt/system32/cmd.exe /c+dir 404 3 604 91 160 80 HTTP/1.0 - - -
2001-05-19 08:27:21 202.64.252.67 - W3SVC3 SDC1M004 10.2.2.254 GET /scripts/..?????../winnt/system32/cmd.exe /c+dir 404 3 604 94 170 80 HTTP/1.0 - - -
2001-05-19 08:27:22 202.64.252.67 - W3SVC3 SDC1M004 10.2.2.254 GET /scripts/..u?????../winnt/system32/cmd.exe /c+dir 404 3 604 97 140 80 HTTP/1.0 - - -
2001-05-19 08:27:22 202.64.252.67 - W3SVC3 SDC1M004 10.2.2.254 GET /msadc/../../../../../../winnt/system32/cmd.exe /c+dir 404 3 604 114 160 80 HTTP/1.0 - - -
0
Comment
Question by:jians
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
dredge earned 20 total points
ID: 6160688
that means that someone was trying to exploit the UNICODE bug in IIS4.

this was a but that allowed a user to execute command shells through a web page by breaking out of your directory structure by using a unicode error in IIS.

you should install NT Service Pack 6a to fix this problem.
0
 

Author Comment

by:jians
ID: 6161012
Could you point me a link with more details? Thanks!
0
 
LVL 5

Expert Comment

by:dredge
ID: 6161079
http://www.microsoft.com/technet/iis/

I can't seem to find the specific Unicode bug anymore, but it used to be listed on the front page.

Service Pack 6a fixes this problem, though.
0
 

Author Comment

by:jians
ID: 6161249
Thanks a lot!
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question