The entries you are seeing are caused by the army of infected MS IIS servers (Code Red, Nimda, etc.) trying to hack into other IIS servers at random. I see these on every web server I manage that isn't behind a firewall (i.e., blocking port 80).

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing."
Agent Smith - The Matrix

----- Original Message -----
From: "Luiz Carlos Santos de Alencar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 26, 2002 12:50 PM
Subject: Re: iptables filtering rules

> Andras GALAMBOSI wrote:
>
> > Hello all,
> >
> > ...
> > as the webserver is an ii$, I am sure, that some firewall rules must be set
> > up for these two ports. The access.log shows, that is a MUST:
> > GET /scripts/root.exe?/c+dir HTTP/1.0
> > GET /MSADC/root.exe?/c+dir HTTP/1.0
> > GET /c/winnt/system32/cmd.exe?/...
>
> Hi
>
> I've found entries like this in the log of a site recently migrated
> from a NT to a BeOS box; probably due to the old structure of some
> web pages still dependents of M$ typical server extensions, in my
> situation.
>
> --- Luiz
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
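
Added example, not part of the original messages: a Python log check that counts, per client address, requests like the ones quoted in the thread (a final path component of `root.exe` or `cmd.exe`). It assumes Common Log Format; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Assumed format (Common Log Format): host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) \S+')

# Executable names taken from the requests quoted in the thread.
PROBE_NAMES = {"root.exe", "cmd.exe"}


def is_probe(request_line):
    """True if the request's final path component is root.exe or cmd.exe."""
    parts = request_line.split()
    if len(parts) < 2:
        return False
    path = parts[1].split("?", 1)[0]           # drop the query string
    # Decode percent-escapes and normalise backslashes and case, so that
    # encoded or mixed-case variants of the same path are also counted.
    path = unquote(path).replace("\\", "/").lower()
    return path.rsplit("/", 1)[-1] in PROBE_NAMES


def probes_by_source(lines):
    """Count probe requests per client address; unparseable lines are skipped."""
    hits = Counter()
    for line in lines:
        m = CLF.match(line)
        if m and is_probe(m.group(2)):
            hits[m.group(1)] += 1
    return hits


# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Apr/2002:12:01:07 +1000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [26/Apr/2002:12:01:08 +1000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274',
    '192.0.2.10 - - [26/Apr/2002:12:01:09 +1000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 288',
    '198.51.100.7 - - [26/Apr/2002:12:02:30 +1000] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [26/Apr/2002:12:02:31 +1000] "GET /docs/root.exe.html HTTP/1.0" 200 512',
    '203.0.113.5 - - [26/Apr/2002:12:05:44 +1000] "GET /scripts/ROOT.EXE?/c+dir HTTP/1.0" 404 276',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for host, count in probes_by_source(SAMPLE_LOG).most_common():
        print(f"{host}\t{count}")
```
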