Should I look into this further?

Post by genetix »

I'm not much of an "expert" when it comes to Apache log files, but I just noticed this while browsing through them:

Code:

[Fri Dec 10 14:44:48 2004] [error] [client 24.99.59.199] File does not exist: c:/appserv/www/webdummy/www/scripts/root.exe
[Fri Dec 10 14:44:49 2004] [error] [client 24.99.59.199] File does not exist: c:/appserv/www/webdummy/www/msadc/root.exe
[Fri Dec 10 14:44:50 2004] [error] [client 24.99.59.199] File does not exist: c:/appserv/www/webdummy/www/c/winnt/system32/cmd.exe
[Fri Dec 10 14:44:51 2004] [error] [client 24.99.59.199] File does not exist: c:/appserv/www/webdummy/www/d/winnt/system32/cmd.exe
[Fri Dec 10 14:44:53 2004] [error] [client 24.99.59.199] File does not exist: c:/appserv/www/webdummy/www/scripts/..%5c/winnt/system32/cmd.exe
[Fri Dec 10 14:44:53 2004] [error] [client 24.99.59.199] File does not exist: c:/appserv/www/webdummy/www/_vti_bin/..%5c/..%5c/..%5c/winnt/system32/cmd.exe
[Fri Dec 10 14:44:55 2004] [error] [client 24.99.59.199] File does not exist: c:/appserv/www/webdummy/www/_mem_bin/..%5c/..%5c/..%5c/winnt/system32/cmd.exe
[Fri Dec 10 14:44:56 2004] [error] [client 24.99.59.199] File does not exist: c:/appserv/www/webdummy/www/msadc/..%5c/..%5c/..%5c/..Á/..Á/..Á/winnt/system32/cmd.exe
[Fri Dec 10 14:44:56 2004] [error] [client 24.99.59.199] File does not exist: c:/appserv/www/webdummy/www/scripts/..Á/winnt/system32/cmd.exe
[Fri Dec 10 14:44:59 2004] [error] [client 24.99.59.199] File does not exist: c:/appserv/www/webdummy/www/scripts/..À¯/winnt/system32/cmd.exe
[Fri Dec 10 14:45:00 2004] [error] [client 24.99.59.199] File does not exist: c:/appserv/www/webdummy/www/scripts/..Áœ/winnt/system32/cmd.exe
[Fri Dec 10 14:45:03 2004] [error] [client 24.99.59.199] File does not exist: c:/appserv/www/webdummy/www/scripts/..%5c/winnt/system32/cmd.exe
[Fri Dec 10 14:45:04 2004] [error] [client 24.99.59.199] File does not exist: c:/appserv/www/webdummy/www/scripts/..%2f/winnt/system32/cmd.exe

I'm assuming they were trying to send commands to my server. Something I should send over to their ISP?

I'm not sure if this is someone trying to get in or not, that's why I'm asking. I don't want to be submitting false reports. I have looked up the guy's IP and I know his location and whatnot. He's not behind a proxy or anything, so he most likely ain't going anywhere.

Post by feyd »

It's a bot scanning for vulnerable servers.. my server gets hit with hundreds of queries a day.. I've reported the logs to the network admins of my ISP, they haven't done anything that I know of.. but the ISP doesn't tell us much anyways.. so.. dunno.

Post by genetix »

Okay, so it's not something I really have to worry about then. I might make a small script sometime soon just to scan my logs like once a week for any rows with cmd.exe in them. When I have the time...
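
The weekly log scan mentioned in the last post could look like the following. This is an added example, not code written by anyone in the thread: the `scan` function name and the Python choice are assumptions, and the sample lines are constructed in the same error_log layout as the excerpt above, using documentation IP ranges.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

# Apache error_log layout seen in the thread: [timestamp] [level] [client IP] message
LINE_RE = re.compile(r"^\[([^\]]+)\] \[(\w+)\] \[client ([^\]]+)\] (.*)$")
# Executables requested in the thread's excerpt (root.exe, cmd.exe)
PROBE_RE = re.compile(r"[/\\](cmd|root)\.exe\b", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges), not taken from a real log
SAMPLE_LOG = """\
[Fri Dec 10 14:40:00 2004] [notice] Apache configured -- resuming normal operations
[Fri Dec 10 14:44:48 2004] [error] [client 192.0.2.10] File does not exist: c:/www/scripts/root.exe
[Fri Dec 10 14:44:53 2004] [error] [client 192.0.2.10] File does not exist: c:/www/scripts/..%5c/winnt/system32/cmd.exe
[Fri Dec 10 14:45:04 2004] [error] [client 192.0.2.10] File does not exist: c:/www/scripts/..%2f/winnt/system32/CMD.EXE
[Fri Dec 10 15:02:11 2004] [error] [client 198.51.100.7] File does not exist: c:/www/favicon.ico
"""

def scan(lines):
    """Return {client_ip: summary} for error-log lines that request cmd.exe or root.exe."""
    hits = defaultdict(lambda: {"count": 0, "traversal": 0, "targets": set(),
                                "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # startup notices and other lines without a client field
        ts, _level, ip, msg = m.groups()
        decoded = unquote(msg)  # turn %5c / %2f back into \ and /
        probe = PROBE_RE.search(decoded)
        if not probe:
            continue  # ordinary 404, e.g. a missing favicon
        when = datetime.strptime(ts, "%a %b %d %H:%M:%S %Y")
        entry = hits[ip]
        entry["count"] += 1
        entry["targets"].add(probe.group(1).lower() + ".exe")
        if ".." in decoded:
            entry["traversal"] += 1  # path tries to climb out of the web root
        entry["first"] = min(entry["first"] or when, when)
        entry["last"] = max(entry["last"] or when, when)
    return dict(hits)

if __name__ == "__main__":
    for ip, e in scan(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {e['count']} probes ({e['traversal']} with '..'), "
              f"targets={sorted(e['targets'])}, {e['first']} to {e['last']}")
```

Grouping by client IP with first and last timestamps gives the per-source summary needed for an abuse report, while ordinary 404s such as a missing favicon are left out.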