Someone Trying to Hack Me...

[gamehead200]

OK, whenever I check my Apache access log that I have running, I always end up seeing someone trying to get this:

"/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir"

What exactly are they trying to do? Access my command prompt?

[ThA_FiLeR]

I'd say access command promt, then askin for dir command to view contents of C drive..BAWR...

[tosk]

That is in fact exactly what they're trying to do. Interesting...

[gamehead200]

And whenever they try, they don't succeed! Checked my error logs as well, and it looks like Apache is giving them an error...

[ggtyh]

That's the path for the command prompt in Windows NT or 2000.

If you are running Apache on another platform (usually on Linux), then it won't work.

I guess the hacker thinks you are running IIS rather than Apache...

[gamehead200]

If you are running Apache on another platform (usually on Linux), then it won't work.

I guess the hacker thinks you are running IIS rather than Apache...

Nope...I'm on buggy Windows running Apache 2.0.47!

[LouCypher]

That's a check for a server that's been compromised by Code Red.

[gamehead200]

That's a check for a server that's been compromised by Code Red.

Explain?

[MSNwar]

It means your PC has been exploited and he is executing the command to gain root or he is checking to see if someone else has exploited it and hopes to gain access. A lazy hacker.

[gamehead200]

It means your PC has been exploited and he is executing the command to gain root or he is checking to see if someone else has exploited it and hopes to gain access. A lazy hacker.

How do I know if my PC's been exploited? Check for updates?

[DaveXP]

i get something like that but my firewall says its a:

F30002 DCE/RPC DCOM buffer overflow exploit attempt detected.