gamehead200 Posted October 2, 2003 Share Posted October 2, 2003 OK, whenever I check my Apache access log that I have running, I always end up seeing someone trying to get this:"/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir"What exactly are they trying to do? Access my command prompt? Link to comment Share on other sites More sharing options...
ThA_FiLeR Posted October 2, 2003 Share Posted October 2, 2003 I'd say access command promt, then askin for dir command to view contents of C drive..BAWR... Link to comment Share on other sites More sharing options...
tosk Posted October 2, 2003 Share Posted October 2, 2003 That is in fact exactly what they're trying to do. Interesting... Link to comment Share on other sites More sharing options...
gamehead200 Posted October 2, 2003 Author Share Posted October 2, 2003 And whenever they try, they don't succeed! Checked my error logs as well, and it looks like Apache is giving them an error... Link to comment Share on other sites More sharing options...
ggtyh Posted October 2, 2003 Share Posted October 2, 2003 That's the path for the command prompt in Windows NT or 2000.If you are running Apache on another platform (usually on Linux), then it won't work.I guess the hacker thinks you are running IIS rather than Apache... Link to comment Share on other sites More sharing options...
gamehead200 Posted October 2, 2003 Author Share Posted October 2, 2003 If you are running Apache on another platform (usually on Linux), then it won't work.I guess the hacker thinks you are running IIS rather than Apache...Nope...I'm on buggy Windows running Apache 2.0.47! Link to comment Share on other sites More sharing options...
LouCypher Posted October 2, 2003 Share Posted October 2, 2003 That's a check for a server that's been compromised by Code Red. Link to comment Share on other sites More sharing options...
gamehead200 Posted October 2, 2003 Author Share Posted October 2, 2003 That's a check for a server that's been compromised by Code Red.Explain? Link to comment Share on other sites More sharing options...
MSNwar Posted October 2, 2003 Share Posted October 2, 2003 It means your PC has been exploited and he is executing the command to gain root or he is checking to see if someone else has exploited it and hopes to gain access. A lazy hacker. Link to comment Share on other sites More sharing options...
gamehead200 Posted October 2, 2003 Author Share Posted October 2, 2003 It means your PC has been exploited and he is executing the command to gain root or he is checking to see if someone else has exploited it and hopes to gain access. A lazy hacker.How do I know if my PC's been exploited? Check for updates? Link to comment Share on other sites More sharing options...
DaveXP Posted October 2, 2003 Share Posted October 2, 2003 i get something like that but my firewall says its a:F30002 DCE/RPC DCOM buffer overflow exploit attempt detected. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now