Anadi Taylor wrote:
Hi all,
This is an attempt to break your system with a "code-red2 worm", but your log shows that no exploit is going on.
I have a question that is unrelated to perl, the only reason I am asking you is because of the help I have received from you all with my perl related questions. I hope you can be as helpful in helping me to resolve this issue.
I am running a Windows server (I know a lot of you don't like windows, but it's what I have to work with ;(( - we all have our cross to bear !! lol) and someone keeps trying to compromise my IIS security and hack into my system. They haven't been able to get in but they have managed to 'blow out' my IIS to the extent I had to rebuild it.
Here is a snip of the log:
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2002-11-12 07:17:07
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2002-11-12 07:17:07 200.66.254.81 - MY.IP.ADD 80 GET /default.ida NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 401 -
2002-11-12 07:45:18 218.12.29.30 - MY.IP.ADD 80 GET /default.ida NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 401 -
2002-11-12 08:31:41 80.193.128.169 - MY.IP.ADD 80 GET /scripts/root.exe /c+dir 401 -
Can anyone tell me what they are doing and how they are doing this, or where I can find out about how they are doing this, and is there any way I can prevent them from even trying to do this ?????
Thank you all in advance,
Anadi
You are just a dewdrop, and as you meditate the dewdrop starts slipping from the petals of the Lotus towards the ocean. When the meditation is complete, the dewdrop has disappeared into the ocean. Or you can say, the ocean has disappeared into the dewdrop.
Bhagwan Shree Rajneesh.
The code at the end of the line, "401", means that authorization is required to execute the default.IDA file.
So maybe nobody has broken into your server, but some machine attempted to infect your server.
So do yourself a favor: patch your server and check your logs every day, or better, switch to Linux :-)).
Bye.
G. Saffioti.
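
The reply's reasoning (read the sc-status at the end of each line to see whether the request was refused) can be applied to a whole log file. The following Python sketch is an added example, not part of the original thread; the function names, the 100-character padding threshold and the sample log lines are assumptions constructed for illustration.

```python
import re

PAD_RUN = re.compile(r"(.)\1{99,}")  # one character repeated 100+ times (assumed threshold)

# Constructed sample in the same W3C field layout as the posted log;
# addresses are documentation ranges, the long query is a shortened stand-in.
FILLER = "N" * 224 + "%u9090=a"
SAMPLE_LOG = "\n".join([
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-username s-ip s-port cs-method "
    "cs-uri-stem cs-uri-query sc-status cs(User-Agent)",
    f"2002-11-12 07:17:07 192.0.2.10 - 198.51.100.5 80 GET /default.ida {FILLER} 401 -",
    "2002-11-12 08:31:41 192.0.2.20 - 198.51.100.5 80 GET /scripts/root.exe /c+dir 401 -",
    "2002-11-12 09:00:00 192.0.2.30 - 198.51.100.5 80 GET /index.html - 200 Mozilla/4.0",
    "2002-11-12 09:05:00 192.0.2.40 - 198.51.100.5 80 GET /scripts/root.exe /c+dir 200 -",
])

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def classify(entry):
    """Name the probe type seen in the posted log, or return None."""
    stem = entry["cs-uri-stem"].lower()
    if stem.endswith(".ida") and PAD_RUN.search(entry["cs-uri-query"]):
        return "oversized-ida-query"
    if stem.endswith("/root.exe"):
        return "root.exe-probe"
    return None

def triage(text):
    """Return (client, probe, status, outcome) for every flagged request."""
    findings = []
    for entry in parse_w3c(text):
        kind = classify(entry)
        if kind is None:
            continue
        status = int(entry["sc-status"])
        # 4xx means the server refused the request; anything else is not proof
        # of compromise, only a reason to look at the host more closely.
        outcome = "refused" if 400 <= status < 500 else "review"
        findings.append((entry["c-ip"], kind, status, outcome))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding)
```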