Re: IIS Log File
From: Allen Harkleroad - Microsoft MVP (allenharkleroad@spamcop.net)
Date: 09/11/02
- Next message: Allen Harkleroad - Microsoft MVP: "Re: IIS Log File"
- Previous message: Allen Harkleroad - Microsoft MVP: "Re: tacacs with 2000 server"
- In reply to: Evan Camilleri: "IIS Log File"
- Next in thread: S. Hussain Akbar: "Re: IIS Log File"
- Reply: S. Hussain Akbar: "Re: IIS Log File"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Allen Harkleroad - Microsoft MVP" <allenharkleroad@spamcop.net> Date: Wed, 11 Sep 2002 07:21:56 -0400
It is most likely a worm trying to gain access to your system the 500 on the
end means a error on trying to access the file.
Check the permissions of cmd.exe in your /system32 folder. Only
administrators and system should have full access, remove permissions for
anything or anyone else form that file. It will help prevent worms and other
malicious application from doing anything, unless of course an administrator
logs in and malicious file gets executed.
Allen
-- Allen Harkleroad Microsoft MVP 1996 to present "please keep replies in the newsgroup so others can benefit, email requests will be ignored" Spammers can send email to: blockme@relays.osirusoft.com (if you want to be added to the black list) "Evan Camilleri" <evan.nospam@holistic.com.mt> wrote in message news:uPhEhlKWCHA.436@tkmsftngp10... What does the following mean in the log file? 2002-09-10 07:54:24 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 GET /scripts/..%5c%5c../winnt/system32/cmd.exe /c+dir 500 - Evan Camilleri
- Next message: Allen Harkleroad - Microsoft MVP: "Re: IIS Log File"
- Previous message: Allen Harkleroad - Microsoft MVP: "Re: tacacs with 2000 server"
- In reply to: Evan Camilleri: "IIS Log File"
- Next in thread: S. Hussain Akbar: "Re: IIS Log File"
- Reply: S. Hussain Akbar: "Re: IIS Log File"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
