Re: attacked? hacked? help.....!



Mike Klinke wrote:
On Tuesday 09 December 2003 05:26, Lisa Durham wrote:

I am very new to Linux but was poking around in my newly setup Fedora
Core 1 system today and came upon the lines below in the Apache
Access Log when I used the "System Logs" icon in the System Tools

Is the IP at the beginning of each line the IP that requested the
file that is shown at the end of the line? with the date and time in
the center? If this isn't what's shown in this file, what is this
format? What does this file tell me? Am I paranoid, or was someone
trying to access my machine (but ignorantly assuming it was a Windows

quoted Apaches Access Log:
- - [07/Dec/2003:14:39:47 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 327 "-" "-"
- - [07/Dec/2003:14:39:47 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 325 "-" "-"
- - [07/Dec/2003:14:39:47 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-"
- - [07/Dec/2003:14:39:48 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-"
- - [07/Dec/2003:14:39:48 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349 "-" "-"
- - [07/Dec/2003:14:39:48 -0600] "GET HTTP/1.0" 404 366 "-" "-"
<snip>
- - [07/Dec/2003:17:59:03 -0600] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349 "-" "-"
- - [07/Dec/2003:18:27:17 -0600] "GET /scripts/nsiislog.dll" 404 331 "-" "-"



This is normal. What you're seeing is Internet worm scans looking to break into vulnerable Windows systems.

Regards,  Mike Klinke

Thanks, Mike.

Are there similar 'worm scans' for Linux boxes? What should I do to protect my machine from them if there are? (point me towards a good website or book explaining this if you can.)
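
Added example, not part of the original thread: a short Python parser for the Apache "combined" log format asked about above, which splits each line into its fields and groups by client the requests for the Windows files seen in the quoted log. The function names are illustrative, and the client addresses are constructed placeholders because the archived log shows none.

```python
import re
from urllib.parse import unquote

# Apache "combined": host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# File names taken from the requests quoted in the thread.
WINDOWS_TARGETS = ("cmd.exe", "root.exe", "nsiislog.dll")

def parse_line(line):
    """Split one log line into named fields; None if it is not combined format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parts = rec["request"].split()   # method, path, protocol (protocol may be absent)
    rec["path"] = parts[1] if len(parts) > 1 else ""
    rec["status"] = int(rec["status"])
    return rec

def requested_file(path, rounds=3):
    """Base name of the requested file, after undoing nested percent-encoding."""
    for _ in range(rounds):          # %255c -> %5c -> backslash
        path = unquote(path)
    path = path.split("?", 1)[0].replace("\\", "/").lower()
    return path.rsplit("/", 1)[-1]

def windows_probes(lines):
    """Map each client address to the (status, path) pairs that target Windows files."""
    hits = {}
    for line in lines:
        rec = parse_line(line)
        if rec and requested_file(rec["path"]) in WINDOWS_TARGETS:
            hits.setdefault(rec["host"], []).append((rec["status"], rec["path"]))
    return hits

# Constructed sample: client addresses (192.0.2.0/24) and the /index.html line are made up.
SAMPLE = [
    '192.0.2.10 - - [07/Dec/2003:14:39:47 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 327 "-" "-"',
    '192.0.2.10 - - [07/Dec/2003:14:39:48 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349 "-" "-"',
    '192.0.2.20 - - [07/Dec/2003:15:00:00 -0600] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
    '192.0.2.30 - - [07/Dec/2003:18:27:17 -0600] "GET /scripts/nsiislog.dll" 404 331 "-" "-"',
]

if __name__ == "__main__":
    print(windows_probes(SAMPLE))
```

Every flagged request in the sample carries status 404, which is what a Linux Apache host returns when those files do not exist.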

