!!!!URGENT - SCARY website LOGS!!!!

  • From: "Sushil Bhalla" <sushilb@xxxxxxxxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Tue, 26 Mar 2002 23:06:54 -0700

Hello All,

I have W2K, E2K, ISA2K, ISM all installed on one server.

Recently I have allowed inbound HTTPServer Inbound (port 80) connection
(through ISA PACKET FILTERING) to allow my website to be viewed and after
going through my website logs, I got very worried.

Following is what I am getting in my logs every few hours.

Can someone tell me URGENTLY what kind of requests are these? Should I be
worried? What can I do to prevent these?

Thanks in advance for any help.

Sushil Bhalla

#Date: 2002-03-27 00:19:03
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port
cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes
cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie)
cs(Referer)
2002-03-27 00:19:03 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET
/scripts/root.exe /c+dir 404 3 3396 72 15 HTTP/1.0 www - - -
2002-03-27 00:19:04 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET
/MSADC/root.exe /c+dir 404 3 3396 70 0 HTTP/1.0 www - - -
2002-03-27 00:19:09 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 3 3396 80 0 HTTP/1.0 www - - -
2002-03-27 00:19:10 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 3 3396 80 16 HTTP/1.0 www - - -
2002-03-27 00:19:11 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 404 3 3396 96 16 HTTP/1.0
www - - -
2002-03-27 00:19:14 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 3 3396
117 0 HTTP/1.0 www - - -
2002-03-27 00:19:19 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 3 3396
117 0 HTTP/1.0 www - - -
2002-03-27 00:19:20 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET
/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
/c+dir 404 3 3396 145 0 HTTP/1.0 www - - -
2002-03-27 00:19:22 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET
/scripts/..Á../winnt/system32/cmd.exe /c+dir 404 3 3396 97 0 HTTP/1.0 www
- - -
2002-03-27 00:19:23 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 3 3396 97 15 HTTP/1.0 www - - -
2002-03-27 00:19:25 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET
/winnt/system32/cmd.exe /c+dir 404 3 3396 97 0 HTTP/1.0 www - - -
2002-03-27 00:19:27 203.200.51.30 - W3SVC3 SERVER mye.xte.rna.lip 80 GET
/winnt/system32/cmd.exe /c+dir 404 3 3396 97 16 HTTP/1.0 www - - -
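
Added example, not part of the original post: a Python triage pass over IIS W3C extended logs like the one above, which counts requests for cmd.exe or root.exe per client and lists any that were not answered with 404. The sample records, addresses and function names are constructed for illustration, and it assumes one record per line as in the raw log file (the lines in the e-mail are wrapped).

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in the W3C extended format; the addresses are
# documentation placeholders, not values from the post.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-03-27 00:19:03 192.0.2.10 GET /scripts/root.exe /c+dir 404
2002-03-27 00:19:11 192.0.2.10 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 404
2002-03-27 00:19:14 192.0.2.10 GET /_vti_bin/..%5c../winnt/system32/cmd.exe /c+dir 200
2002-03-27 00:20:00 198.51.100.7 GET /default.htm - 200
"""

# A request is a probe if, after decoding, the path ends in cmd.exe or
# root.exe or climbs out of its directory with "../".
PROBE = re.compile(r"(^|/)(cmd|root)\.exe$|\.\./")

def parse_w3c(text):
    """Yield one dict per record, named by the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or wrapped records
                yield dict(zip(fields, values))

def summarize_probes(text):
    """Return {client_ip: {"probes": n, "not_404": [(time, stem, status)]}}."""
    report = defaultdict(lambda: {"probes": 0, "not_404": []})
    for rec in parse_w3c(text):
        # Decode %5c and treat backslash like slash before matching.
        stem = unquote(rec["cs-uri-stem"]).lower().replace("\\", "/")
        if not PROBE.search(stem):
            continue
        entry = report[rec["c-ip"]]
        entry["probes"] += 1
        if rec["sc-status"] != "404":  # the server did not answer "not found"
            entry["not_404"].append(
                (rec["time"], rec["cs-uri-stem"], rec["sc-status"]))
    return dict(report)

if __name__ == "__main__":
    for ip, entry in summarize_probes(SAMPLE_LOG).items():
        print(ip, entry["probes"], "probe(s); needs review:", entry["not_404"])
```

An empty `not_404` list for a client means every probe from it was answered 404, as in the log excerpt in the post; any other status is the record to investigate first.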

