iis logs, and hackers

[gwillr]

when browsing the iis logs, it appears that there is a request to run cmd.exe. Whie the result is unsuccessful (thank god) am i correct that there is an external request on my server (pc runing xp) to run the command prompt?

Gary

 

[Shift838]

That what it sounds like..

 

[jasonboyes]

It actually sounds like a virus trying to get in or a hacker.

Rich Cook -- "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning."

 

[gwillr]

Yeah, that is what I had figured. In the logs, the result is not successful, which is good. Is there any thing i can do extra, that will further ensure that these requests are not granted?

Gary

 

[jasonboyes]

Yep make sure that you are up to date on security patches for Windows. and run the IIS lockdown tool here:

http://www.microsoft.com/downloads/...fc0-bb30-47eb-9a61-fd755d23cdec&DisplyLang=en

Jason

Rich Cook -- "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning."

 

[thedman00]

There are various viruses that will also show a hit a your log file attempting to access cmd.exe. Nimda I believe does

 

[gwillr]

thanks thedman00. the log hits for that cmd request are there almost daily, so its kindof nerve racking!! they all show as unsuccessful, so do i have anything to worry about regarding this particular attack attempts?

Gary