Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Darren on January 03, 2002, 07:41:56 AM
-
I found this in my httpd access log. Is this someone trying to hack my computer, or a virus?
I know I don't have any problems because there is no cmd.exe in Linux, but I would like to know what's attacking my system.
203.76.8.10 - - [03/Jan/2002:10:08:32 +1000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
203.76.8.10 - - [03/Jan/2002:10:08:32 +1000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208 "-" "-"
203.76.8.10 - - [03/Jan/2002:10:08:33 +1000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
-
This is the Nimda worm. There are still plenty of unpatched IIS servers out there....
Des Dougan
-
One should that you're safe, a search on this board will reveal all sorts of interesting bits on this (and related) beasties and should you want to start collecting stats you'll want something like what's on show at http://familybrown.org/apache-hits.php
Enjoy.
-
I have the same problem here, with worms: http://www.zbox.dk/worm.php
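-
Added example, not part of the original thread: one way to collect the stats mentioned above is to tally requests for cmd.exe/root.exe per source address from the Apache access log and list any probe that did not receive a 4xx response. The function name and the two extra sample lines (documentation addresses 192.0.2.7 and 198.51.100.23) are constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: \S+)?" (?P<status>\d{3}) (?P<size>\S+)'
)
# Requests for Windows command interpreters, as in the thread's log lines.
# Only the path (before '?') is tested, case-insensitively.
PROBE_RE = re.compile(r'/(?:cmd|root)\.exe$', re.IGNORECASE)


def summarize_probes(lines):
    """Return (probe count per source host, probes that did not get a 4xx)."""
    per_host = Counter()
    answered = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        path = m.group("target").split("?", 1)[0]
        if not PROBE_RE.search(path):
            continue  # ordinary traffic
        per_host[m.group("host")] += 1
        # A 404 means the file does not exist here; anything else deserves a look.
        if not m.group("status").startswith("4"):
            answered.append((m.group("host"), m.group("target"), m.group("status")))
    return per_host, answered


# First three lines are from the first post; the last two are constructed.
SAMPLE = [
    '203.76.8.10 - - [03/Jan/2002:10:08:32 +1000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"',
    '203.76.8.10 - - [03/Jan/2002:10:08:32 +1000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208 "-" "-"',
    '203.76.8.10 - - [03/Jan/2002:10:08:33 +1000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"',
    '192.0.2.7 - - [03/Jan/2002:10:09:01 +1000] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
    '198.51.100.23 - - [03/Jan/2002:10:09:05 +1000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 200 512 "-" "-"',
]

if __name__ == "__main__":
    hosts, answered = summarize_probes(SAMPLE)
    for host, count in hosts.most_common():
        print(f"{host}: {count} probe(s)")
    for host, target, status in answered:
        print(f"CHECK: {host} got status {status} for {target}")
```

To run it against a real log, pass an open file object to summarize_probes() instead of SAMPLE.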