Hacker Attempt! Please Help...

redhat22 (Programmer), Jan 10, 2004
This is showing up in my access file... What does it mean?

24.169.16.146 - - [09/Jan/2004:23:00:17 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 284

24.169.16.146 - - [09/Jan/2004:23:00:17 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 282
24.169.16.146 - - [09/Jan/2004:23:00:18 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292

Also, what does this mean...

24.8.122.80 - - [10/Jan/2004:22:15:07 -0700] "GET /default.ida?XXXXX...XXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 287

Do I have a hacker? How can I block them from accessing my server?
 
They are probably a combination of worms and hackers.

You're running Apache, nothing to worry about here. These are IIS exploits.
 
siberian is correct, you are being hit by IIS worms.

If you want to save the bandwidth these are consuming, or stop the error.log entries, enter this in your httpd.conf:

redirect /scripts
redirect /MSADC
redirect /c
redirect /d
redirect /_mem_bin
redirect /msadc
redirect /_vti_bin
redirect /null.ida
RedirectMatch (.*)\cmd.exe
RedirectMatch (.*)\root.exe
RedirectMatch (.*)default.ida(.*)
RedirectMatch (.*)null.ida(.*)
RedirectMatch (.*)\null.ida(.*)

Tracey
Remember... True happiness is not getting what you want...

It's wanting what you have got!
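An added example, not part of the thread or any poster's code: a small Python triage script that reads Apache access-log lines in Common Log Format, labels requests matching the IIS paths named above, and lists any such request that was not answered with a 4xx status. The signature labels, function names and sample lines (documentation-range addresses, shortened .ida query string) are constructed for illustration.

```python
import re

# Common Log Format: host ident user [time] "METHOD path proto" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" (\d{3}) \S+$')

# Signatures built only from the request paths named in this thread.
SIGNATURES = [
    ("shell probe", re.compile(r"/(?:cmd|root)\.exe(?:\?|$)", re.I)),
    (".ida probe", re.compile(r"/(?:default|null)\.ida(?:\?|$)", re.I)),
    ("IIS directory probe",
     re.compile(r"^/(?:scripts|msadc|_vti_bin|_mem_bin|c|d)(?:/|$)", re.I)),
]

# Constructed sample, shaped like the posted lines (addresses are placeholders).
SAMPLE_LOG = """\
192.0.2.10 - - [09/Jan/2004:23:00:17 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 284
192.0.2.10 - - [09/Jan/2004:23:00:17 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 282
192.0.2.10 - - [09/Jan/2004:23:00:18 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
198.51.100.7 - - [10/Jan/2004:22:15:07 -0700] "GET /default.ida?XXXXXXXX=a HTTP/1.0" 404 287
203.0.113.5 - - [10/Jan/2004:22:16:00 -0700] "GET /index.html HTTP/1.0" 200 1024
203.0.113.5 - - [10/Jan/2004:22:16:02 -0700] "GET /docs/cmd.exe.html HTTP/1.0" 200 512
"""

def classify(path):
    """Return the first matching signature label, or None for ordinary traffic."""
    for label, pattern in SIGNATURES:
        if pattern.search(path):
            return label
    return None

def summarize(log_text):
    """Per source address: probe counts by label, plus probes not answered 4xx."""
    report = {}
    for line in log_text.splitlines():
        m = CLF.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        host, path, status = m.group(1), m.group(2), int(m.group(3))
        label = classify(path)
        if label:
            entry = report.setdefault(host, {"probes": {}, "answered": []})
            entry["probes"][label] = entry["probes"].get(label, 0) + 1
            if not 400 <= status < 500:
                entry["answered"].append((path, status))  # needs a closer look
    return report

if __name__ == "__main__":
    for host, info in summarize(SAMPLE_LOG).items():
        print(host, info)
```

An empty "answered" list for every address means each probe was refused, which is what the 404 responses in the posted log show.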
 