
RE: [cobalt-security] Odd log code, Hack attempt?




A little more info....

> > I've found the following lines in my last log from my Cobalt4i. I don't
> > really know if it means something important, but it looks to me like
> > somebody was trying to use a sort of script on my server:
> >
> > ns.mydomain.com 207.175.129.160 - - [07/Apr/2001:06:50:01 -0400] "GET /scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c%20dir HTTP/1.0" 302 308 "-" "-"
> > ns2.mydomain.com 207.175.129.160 - - [07/Apr/2001:06:50:01
> >
> > I'd appreciate it if any of you could tell me what it means and what
> > I could do to avoid risk to my server.
>
> This is an attempt to exploit a standard known vulnerability on Windows IIS
> servers.  Some script kiddie is trying to crack your box, but is too stupid to
> know the difference between IIS and Apache.
>
> As long as you keep up with the security patches, you should be fine.  And of
> course, running Linux is a good way to avoid Windows NT attacks.  :-)

I just want to echo what Paul said earlier...this is a Win hack and it will not affect you, but I would look at http://www.securityfocus.com/bid/1806 so that you will know what it is and can take action if you are also looking after IIS servers. Enjoy.

BTW, if anyone is looking after IIS servers and didn't know what the logs were right away, look at the link also.

Good Day

Joe
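
Added example, not part of the original thread: `%c0%af` in the quoted request is an overlong two-byte UTF-8 encoding of `/`, which never occurs in valid UTF-8, so it makes a reliable log signature. The sketch below flags such requests and reports whether the server actually served them; the function names, the two benign sample lines, and the assumption that the virtual host is the first log field (as in the post) are mine.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample: the first line is the request quoted in the thread;
# the other two are benign lines made up for contrast.
SAMPLE_LOG = [
    'ns.mydomain.com 207.175.129.160 - - [07/Apr/2001:06:50:01 -0400] '
    '"GET /scripts/' + '..%c0%af' * 8 + '/winnt/system32/cmd.exe?/c%20dir '
    'HTTP/1.0" 302 308 "-" "-"',
    'ns.mydomain.com 192.0.2.10 - - [07/Apr/2001:06:51:12 -0400] '
    '"GET /index.html HTTP/1.0" 200 1043 "-" "-"',
    'ns.mydomain.com 192.0.2.11 - - [07/Apr/2001:06:52:40 -0400] '
    '"GET /caf%c3%a9/menu.html HTTP/1.0" 200 512 "-" "-"',  # valid UTF-8
]

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')


def overlong_ascii(raw: bytes) -> list:
    """Return ASCII characters hidden as overlong two-byte UTF-8.

    Lead bytes 0xC0 and 0xC1 can only encode code points below 0x80,
    which must be written as a single byte, so they are always invalid.
    """
    hidden = []
    for lead, cont in zip(raw, raw[1:]):
        if lead in (0xC0, 0xC1) and 0x80 <= cont <= 0xBF:
            hidden.append(chr(((lead & 0x1F) << 6) | (cont & 0x3F)))
    return hidden


def inspect(line: str):
    """Return a finding dict for a suspicious line, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target, status = m.group(1), int(m.group(2))
    hidden = overlong_ascii(unquote_to_bytes(target))
    if not hidden:
        return None
    return {
        "client": line.split()[1],  # assumes vhost is field 0, client field 1
        "status": status,
        "hidden": "".join(sorted(set(hidden))),
        "served": 200 <= status < 300,  # a 2xx here would need follow-up
    }


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(inspect(entry))
```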