
Being cracked? (need help on apache log files)



We just got our ADSL and now have a server running Apache on a potato box
at home.  DynDNS provides us with dynamic dns.

Today I found these lines in my access.log:

213.133.35.205 - - [29/Oct/2001:12:54:40 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210
213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208
213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218
213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218
213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249
213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249

and so on.  To me it looks as if 213.145.168.244 is trying
to execute some file giving him root access.  Is someone trying to
crack my machine?  What should I do?


-- 
Ole Sebastian Stein
osstein@stud.ntnu.no
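
A triage check for log lines like those in the post above, as an added example that is not part of the original message: it parses Common Log Format lines, undoes the double percent-encoding (%255c), and reports per client how many requests asked for cmd.exe or root.exe and whether any of them got a response other than 4xx. The sample log is constructed from three of the posted lines plus one made-up ordinary request, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample: three requests from the post plus one made-up normal request.
SAMPLE_LOG = """\
213.133.35.205 - - [29/Oct/2001:12:54:40 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210
213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232
213.133.35.205 - - [29/Oct/2001:12:54:41 +0100] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249
192.0.2.10 - - [29/Oct/2001:12:55:02 +0100] "GET /index.html HTTP/1.0" 200 1043
"""

# Common Log Format: host ident user [time] "method url proto" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)$')
PROBE = re.compile(r'(?:cmd|root)\.exe', re.IGNORECASE)

def fully_decode(url, max_rounds=5):
    """Percent-decode repeatedly so that %255c -> %5c -> backslash."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url

def triage(log_text):
    """Return {client_ip: {"probes": n, "traversal": n, "answered": [urls]}}."""
    report = defaultdict(lambda: {"probes": 0, "traversal": 0, "answered": []})
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # not a Common Log Format line
        ip, _, _, url, status, _ = m.groups()
        path = fully_decode(url).replace("\\", "/")
        if not PROBE.search(path):
            continue
        entry = report[ip]
        entry["probes"] += 1
        if "/../" in path:
            entry["traversal"] += 1
        # Anything other than a 4xx means the server did not simply reject it.
        if not status.startswith("4"):
            entry["answered"].append(url)
    return dict(report)

if __name__ == "__main__":
    for ip, info in triage(SAMPLE_LOG).items():
        print(ip, info)
```

An empty "answered" list means every such request was refused, as with the 404 responses in the posted lines.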


