Well, your first assumption is kind of correct in an odd sort of way; I get this all day long on my web server. In short, what you are probably seeing is a virus. In long, it could be some moron trying to run an exploit against an NT machine, but whatever/whoever it is - if they had half a brain they would have port scanned you and figured out you are not an NT machine. I wouldn't worry about it, but what you might want to do if you are not concerned w/ people that have viriii on their puter such as this person having access to your web server, just:

    iptables -A INPUT -s 199.203.11.241 -j DROP

or just replace the offending IP address w/ whoever you feel like :)

Good times

> I currently have apache up and running and I was looking through my
> security log, and this popped up:
>
> 199.203.11.241 - - [26/Nov/2002:01:43:58 -0500] "GET
> /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 346 "-" "-"
>
> Doesn't look too good to me. Can someone explain what this person was
> trying to do? Whatever he did, it gave the following error:
>
> [Tue Nov 26 01:43:58 2002] [error] [client 199.203.11.241] File does not
> exist: /var/www/html/scripts
>
> Thanks for any help.

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
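
Added example, not part of the original message or of any project mentioned in it: a Python sketch that parses access-log lines like the one quoted above, percent-decodes the request path until it stops changing (`%255c` becomes `%5c`, then a backslash), and flags the traits that make this request stand out. The function names, the flagging rules and the second log line are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache common/combined log format; the protocol token is optional because
# the entry in the post has none.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>[^"\s]+)[^"]*" (?P<status>\d{3}) '
)

def decode_fully(path, max_rounds=5):
    """Percent-decode until the string stops changing; return (text, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def classify(line):
    """Return a dict describing the request, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    raw_path = m["target"].split("?", 1)[0]       # drop the query string
    decoded, rounds = decode_fully(raw_path)
    norm = decoded.replace("\\", "/").lower()     # treat both separators alike
    reasons = []
    if rounds > 1:
        reasons.append("percent-encoded more than once")
    if ".." in norm.split("/"):
        reasons.append("dot-dot path segment")
    if "/winnt/system32/" in norm or norm.endswith("/cmd.exe"):
        reasons.append("Windows system path")
    return {"host": m["host"], "status": int(m["status"]),
            "decoded": decoded, "reasons": reasons}

# First line: the entry from the post, rejoined onto one line.
# Second line: constructed benign request for contrast.
SAMPLE = [
    '199.203.11.241 - - [26/Nov/2002:01:43:58 -0500] "GET '
    '/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 346 "-" "-"',
    '192.0.2.10 - - [26/Nov/2002:01:44:10 -0500] "GET /docs/a%20b.html HTTP/1.0" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for entry in map(classify, SAMPLE):
        print(entry["host"], entry["status"], entry["decoded"], entry["reasons"])
```

The 404 status on the flagged entry matches the "File does not exist" error in the quoted question: the path was looked up under /var/www/html and nothing was there.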