Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. General Discussion (Legacy)
  4. Topic: Hacking Attempts?
« previous next »
Pages: [1]   Go Down

Hacking Attempts?

  • 2 Replies
  • 454 Views

John

Hacking Attempts?
« on: May 10, 2003, 11:02:39 PM »
I have just been looking through the http error log on my server. I am seeing errors that look to me like people trying to call nt shell files.

eg.

[Wed May  7 21:31:20 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/MSADC/root.exe
[Wed May  7 21:31:20 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/c/winnt/system32/cmd.exe
[Wed May  7 21:31:20 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/d/winnt/system32/cmd.exe
[Wed May  7 21:31:20 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/scripts/..%5c../winnt/system32/cmd.exe
[Wed May  7 21:31:21 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Wed May  7 21:31:21 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Wed May  7 21:31:21 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
[Wed May  7 21:31:21 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/scripts/..Á../winnt/system32/cmd.exe
[Wed May  7 21:31:24 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/scripts/..À¯../winnt/system32/cmd.exe
[Wed May  7 21:31:24 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/scripts/..Áœ../winnt/system32/cmd.exe
[Wed May  7 21:31:25 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/scripts/..%5c../winnt/system32/cmd.exe
[Wed May  7 21:31:25 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/scripts/..%2f../winnt/system32/cmd.exe

there are lots of lines such as these all originating from different addresses.
Should i be concerned?
most of the errors originate from ip addresses in the same network as my external network.
Is it possible for anybody to gain access to my system via a method such as this one?

JC
Logged

Terry

Re: Hacking Attempts?
« Reply #1 on: May 10, 2003, 11:23:21 PM »
That's an infected Windows machine trying to exploit using Code Red or Nimda.  It's harmless to a SM box.
Logged

Tom Carroll

Re: Hacking Attempts?
« Reply #2 on: May 11, 2003, 05:16:30 AM »
I have seen a lot of errors in my log file looking for a file called default.ida.  I just created a blank file with that name in my primary html directory.  It no longer appears in my errors log.

You can probably do the same with the cmd.exe and other files it is looking for.  One way or the other, it will be logged, thereby making your log files bigger... :(

Tom
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. General Discussion (Legacy)
  4. Topic: Hacking Attempts?