Actually, I noticed some rather odd requests on a temporarily running web server on my IP the other day. I just took it as noise from the local network, but if it happens again I will note it more thoroughly.

> It can sure be a hacker.. But it could be a virus somewhere that is
> trying all those IE hacks..
> We see those things in our web log files every day at work..
>
> //Mikael H , #E-1613
>
> > -----Original Message-----
> > From: openbeos-bounce@xxxxxxxxxxxxx
> > [mailto:openbeos-bounce@xxxxxxxxxxxxx] On behalf of Daniel Reinhold
> > Sent: 19 March 2002 08:49
> > To: Public OBOS mailing list
> > Subject: [openbeos] I think someone tried to hack into my machine
> >
> > Ok, this was rather interesting. It happened just about fifteen
> > minutes ago (as I'm writing this).
> >
> > I'm online (PPP dialup) and am also running a local webserver (i.e.
> > sending requests to loopback address 127.0.0.1). Yeah, that's asking
> > for trouble, at least theoretically. That is, someone on the
> > internet, if they happened to get a hold of my (temporary,
> > dynamically assigned) IP, could send requests for local files and
> > have them sent back out across the network. I've never had anything
> > weird happen before, so I've always been pretty blase about the
> > security risk.
> >
> > Anyway, I'm just testing some news items locally before copying them
> > over to the OpenBeOS website (which is my usual MO). Suddenly, I
> > notice the Terminal window (largely covered by another window, but
> > partially showing) has a flurry of text flying by and the DUN
> > replicant in the Deskbar shows lots of bytes transmitting back and
> > forth. Wtf? So I uncover the Terminal window (which is running the
> > webserver) and see that a number of unusual requests have just been
> > attended to. Here's the first one:
> >
> > GET /scripts/root.exe?/c+dir HTTP/1.0
> > Host: www
> > Connnection: close
> >
> > The remaining requests all look like that but with different URLs.
> > Here are the other URLs that were requested:
> >
> > GET /MSADC/root.exe?/c+dir HTTP/1.0
> > GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0
> > GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0
> > GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
> > GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
> > GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
> > GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
> > GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
> > GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0
> >
> > To me, that looks all the world like some hacker trying to grab
> > files from my local machine. Could there be another explanation?
> >
> > Of course, I'm running BeOS (and don't have NT) so my local
> > webserver just returned a bunch of 404 (Not found) responses. Still,
> > makes you wonder.
> >
> > Has anyone else on this list had any similar experiences? What do
> > you make of this?
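
An added example, not part of the original thread: a small Python classifier that flags the kinds of request lines quoted above in a web server log (double percent-encoding such as `%255c`, the never-valid UTF-8 lead bytes `%c0`/`%c1`, `cmd.exe`/`root.exe` targets, and `..` traversal after decoding). The function names, flag labels and the lenient-decoder model in `lax_fold` are assumptions of this example.

```python
import re
from urllib.parse import unquote_to_bytes

# Request lines quoted in the message above, plus one constructed benign line.
SAMPLE_REQUESTS = [
    "GET /scripts/root.exe?/c+dir HTTP/1.0",
    "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /news/index.html HTTP/1.0",  # constructed
]

PATTERNS = {
    "double-encoded": re.compile(r"%25[0-9a-f]{2}", re.I),    # %255c -> %5c -> \
    "overlong-utf8": re.compile(r"%c[01]%[0-9a-f]{2}", re.I),  # C0/C1 never start valid UTF-8
    "windows-shell": re.compile(r"/(?:cmd|root)\.exe$", re.I),
}

def fully_decode(path, max_rounds=5):
    """Percent-decode until the bytes stop changing (unwinds %255c)."""
    data = path.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def lax_fold(data):
    """Model a lenient decoder (assumption): C0/C1 lead + low 6 bits of next byte."""
    def fold(m):
        return bytes([((m[0][0] & 0x1F) << 6) | (m[0][1] & 0x3F)])
    return re.sub(rb"[\xc0\xc1].", fold, data, flags=re.S)

def classify(request_line):
    """Return the set of probe indicators found in one HTTP request line."""
    parts = request_line.split()
    if len(parts) != 3:
        return {"malformed"}
    path = parts[1].partition("?")[0]
    flags = {name for name, rx in PATTERNS.items() if rx.search(path)}
    segments = lax_fold(fully_decode(path)).replace(b"\\", b"/").split(b"/")
    if b".." in segments:
        flags.add("traversal")
    return flags

def scan(lines):
    """Return (line, sorted flags) for every request that raised a flag."""
    return [(line, sorted(f)) for line in lines if (f := classify(line))]
```

A 404 response to every flagged line, as in the message above, means the probe found nothing to run; the flags are still useful for counting and sourcing the scans.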