On Tue, 2002-11-26 at 08:12, Joshua Melbourne White wrote: > I currently have apache up and running and I was looking through my > security log, and this popped up: > > 199.203.11.241 - - [26/Nov/2002:01:43:58 -0500] "GET > /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 346 "-" "-" > > Doesn't look too good to me. Can someone explain what this person was > trying to do? Whatever he did, it gave the following error: > > [Tue Nov 26 01:43:58 2002] [error] [client 199.203.11.241] File does not > exist: /var/www/html/scripts > > Thanks for any help. > Hi, The following links have relevant info. http://www.searchengineposition.com/info/Articles/viewyourlogs_hacks.asp http://www.nobug.org/Meetings/meetings_files/Halsey-1-8-02.ppt http://www.sbslinks.com/ISA_LOGS.htm Regards Philip Wyett -- AIM: PhilipWyett ICQ: 135463069 Email: philipwyett@dsl.pipex.com -- Public key ID: 39018C68 Public key stored at: http://www.keyserver.net --
Attachment:
signature.asc
Description: This is a digitally signed message part
