Thanks for the input. I tried doing what you said with iptables, but it doesn't recognize it as a command. Any suggestions?

On Tue, 2002-11-26 at 03:55, David Durst wrote:
> Well your first assumption is kind of correct in an odd sort of way,
> I get this all day long on my web server.
>
> In short what you are probably seeing is a virus.
>
> In long it could be some moron trying to run an exploit against an NT
> machine, but whatever/whoever it is - if they had half a brain they would
> have port scanned you and figured out you are not an NT machine.
>
> I wouldn't worry about it, but what you might want to do if you are
> not concerned w/ people that have viruses on their puter such as this
> person having access to your web server just.
>
>
> iptables -A INPUT -s 199.203.11.241 -j DROP
>
> or just replace the offending IP address w/ whoever you feel like :)
>
> Good times
>
> > I currently have apache up and running and I was looking through my
> > security log, and this popped up:
> >
> > 199.203.11.241 - - [26/Nov/2002:01:43:58 -0500] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 346 "-" "-"
> >
> > Doesn't look too good to me. Can someone explain what this person was
> > trying to do? Whatever he did, it gave the following error:
> >
> > [Tue Nov 26 01:43:58 2002] [error] [client 199.203.11.241] File does not exist: /var/www/html/scripts
> >
> > Thanks for any help.
> >
>
> --
> Psyche-list mailing list
> Psyche-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/psyche-list
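
An added example, not part of the original thread: a small Python check that parses Apache access-log lines like the one quoted above, percent-decodes the request path until it stops changing, and flags double-encoded traversal aimed at Windows paths. The function names, the marker list and the second sample line are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Apache common/combined log format: host ident user [time] "request" status bytes ...
# The protocol part of the request is optional, as in the line quoted in the thread.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)(?: [^"]*)?" (\d{3}) ')

# Path fragments that only make sense on a Windows host (assumed list for this example).
WINDOWS_MARKERS = ("/winnt/", "cmd.exe")

def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly; return (decoded path, number of rounds that changed it)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def classify(line):
    """Return host, status, decoded path and findings for one log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    host, _method, target, status = m.groups()
    decoded, rounds = fully_decode(target)
    normalized = decoded.replace("\\", "/").lower()
    findings = []
    if rounds > 1:                      # %255c -> %5c -> "\" takes two rounds
        findings.append("double-encoded")
    if "../" in normalized:
        findings.append("traversal")
    if any(marker in normalized for marker in WINDOWS_MARKERS):
        findings.append("windows-target")
    return {"host": host, "status": int(status), "decoded": decoded, "findings": findings}

SAMPLE = [
    # Line from the thread, rejoined onto one line.
    '199.203.11.241 - - [26/Nov/2002:01:43:58 -0500] "GET '
    '/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 346 "-" "-"',
    # Constructed benign request for comparison.
    '192.0.2.10 - - [26/Nov/2002:01:44:10 -0500] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```

The 404 status on the flagged line matches the error-log entry in the thread: the path does not exist on this server, so the request was not served.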