I have just been looking through the HTTP error log on my server. I am seeing errors that look to me like people trying to call NT shell files.
e.g.
[Wed May 7 21:31:20 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/MSADC/root.exe
[Wed May 7 21:31:20 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/c/winnt/system32/cmd.exe
[Wed May 7 21:31:20 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/d/winnt/system32/cmd.exe
[Wed May 7 21:31:20 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/scripts/..%5c../winnt/system32/cmd.exe
[Wed May 7 21:31:21 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Wed May 7 21:31:21 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Wed May 7 21:31:21 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
[Wed May 7 21:31:21 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/scripts/..Á../winnt/system32/cmd.exe
[Wed May 7 21:31:24 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/scripts/..À¯../winnt/system32/cmd.exe
[Wed May 7 21:31:24 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/scripts/..Áœ../winnt/system32/cmd.exe
[Wed May 7 21:31:25 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/scripts/..%5c../winnt/system32/cmd.exe
[Wed May 7 21:31:25 2003] [error] [client 213.204.154.103] File does not exist: /home/e-smith/files/primary/html/scripts/..%2f../winnt/system32/cmd.exe
There are lots of lines such as these, all originating from different addresses.
Should I be concerned?
Most of the errors originate from IP addresses in the same network as my external network.
Is it possible for anybody to gain access to my system via a method such as this one?
JC
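
One way to triage entries like those quoted above, as an added example that is not part of the original post: it parses Apache error_log "File does not exist" lines, tags requests for cmd.exe/root.exe and encoded `..` sequences, and counts them per client. The sample lines are constructed in the post's format with documentation IP addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the same Apache error_log format as the post
# (192.0.2.x are documentation addresses, not the poster's data).
SAMPLE = """\
[Wed May 7 21:31:20 2003] [error] [client 192.0.2.10] File does not exist: /home/e-smith/files/primary/html/MSADC/root.exe
[Wed May 7 21:31:20 2003] [error] [client 192.0.2.10] File does not exist: /home/e-smith/files/primary/html/scripts/..%5c../winnt/system32/cmd.exe
[Wed May 7 21:31:25 2003] [error] [client 192.0.2.10] File does not exist: /home/e-smith/files/primary/html/scripts/..%2f../winnt/system32/cmd.exe
[Wed May 7 21:40:02 2003] [error] [client 192.0.2.77] File does not exist: /home/e-smith/files/primary/html/favicon.ico
"""

DOCROOT = "/home/e-smith/files/primary/html"  # document root seen in the post
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
                  r"File does not exist: (?P<path>.+)$")
WIN_EXE = re.compile(r"(?:^|/)(?:cmd|root)\.exe$", re.I)
# Encoded slash/backslash right after "..", or a non-ASCII character there.
ENCODED_DOTDOT = re.compile(r"\.\.(?:%5c|%2f|[^\x00-\x7f])", re.I)

def classify(path):
    """Return the set of tags that apply to one missing-file path."""
    rel = path[len(DOCROOT):] if path.startswith(DOCROOT) else path
    tags = set()
    if WIN_EXE.search(rel):
        tags.add("windows-exe")
    if ENCODED_DOTDOT.search(rel):
        tags.add("encoded-traversal")
    return tags

def summarise(log_text):
    """Map client IP -> {'probes': n, 'other': n, 'tags': set}."""
    out = defaultdict(lambda: {"probes": 0, "other": 0, "tags": set()})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a "File does not exist" error line
        tags = classify(m.group("path"))
        entry = out[m.group("ip")]
        entry["probes" if tags else "other"] += 1
        entry["tags"] |= tags
    return dict(out)

if __name__ == "__main__":
    for ip, info in summarise(SAMPLE).items():
        print(ip, info["probes"], info["other"], sorted(info["tags"]))
```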