attacked? hacked? help.....!

Lisa Durham lisa at natec.net
Tue Dec 9 05:47:20 UTC 2003


Mike Klinke wrote:
> On Tuesday 09 December 2003 05:26, Lisa Durham wrote:
> 
>>I am very new to Linux but was poking around in my newly setup Fedora
>>Core 1 system today and came upon the lines below in the Apache
>>Access Log when I used the "System Logs" icon in the System Tools
>>Menu.
>>
>>Is the IP at the beginning of each line the IP that requested the
>>file that is shown at the end of the line? with the date and time in
>>the center? If this isn't what's shown in this file, what is this
>>format? What does this file tell me? Am I paranoid, or was someone
>>trying to access my machine (but ignorantly assuming it was a Windows
>>machine)?
>>
>>
>>quoted Apache Access Log:
>>
>>24.60.93.48 - - [07/Dec/2003:14:39:47 -0600] "GET
>>/scripts/root.exe?/c+dir HTTP/1.0" 404 327 "-" "-"
>>24.60.93.48 - - [07/Dec/2003:14:39:47 -0600] "GET
>>/MSADC/root.exe?/c+dir HTTP/1.0" 404 325 "-" "-"
>>24.60.93.48 - - [07/Dec/2003:14:39:47 -0600] "GET
>>/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-"
>>24.60.93.48 - - [07/Dec/2003:14:39:48 -0600] "GET
>>/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-"
>>24.60.93.48 - - [07/Dec/2003:14:39:48 -0600] "GET
>>/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349
>>"-" "-"
>>24.60.93.48 - - [07/Dec/2003:14:39:48 -0600] "GET
>>/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
>>HTTP/1.0" 404 366 "-" "-"
<snip>
>>24.199.161.83 - - [07/Dec/2003:17:59:03 -0600] "GET
>>/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349
>>"-" "-"
>>217.120.149.161 - - [07/Dec/2003:18:27:17 -0600] "GET
>>/scripts/nsiislog.dll" 404 331 "-" "-"
>>
>>----------------------------------------
>>
>>Thanks,
>>Lisa
> 
> 
> 
> This is normal. What you're seeing is Internet worm scans looking to 
> break into vulnerable Windows systems. 
> 
> Regards,  Mike Klinke
> 

Thanks, Mike.

Are there similar 'worm scans' for Linux boxes? What should I do to 
protect my machine from them if there are? (point me towards a good 
website or book explaining this if you can.)

Lisa
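
Added example, not part of the original messages: a small parser for the access-log lines quoted above that splits each entry into client IP, timestamp, request and status, and flags requests for the Windows-only files seen in this log. The function names and the probe pattern are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Apache log entry: host ident user [time] "request" status bytes (referer/agent follow, unused here)
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)')
# Windows/IIS-only targets seen in the quoted log; none exist on a Linux Apache host.
PROBE_RE = re.compile(r'cmd\.exe|root\.exe|nsiislog\.dll', re.I)

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double encoding (%255c -> %5c -> backslash) shows."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def parse_line(line):
    """Return the fields of one access-log entry, or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    parts = entry["request"].split()
    entry["path"] = decode_fully(parts[1]) if len(parts) > 1 else ""
    entry["status"] = int(entry["status"])
    entry["probe"] = bool(PROBE_RE.search(entry["path"]))
    return entry

def summarize(lines):
    """Map client IP -> [(status, decoded path)] for requests that look like probes."""
    hits = {}
    for e in filter(None, map(parse_line, lines)):
        if e["probe"]:
            hits.setdefault(e["host"], []).append((e["status"], e["path"]))
    return hits

# Entries copied from the quoted log, with the mail client's line wrapping undone.
SAMPLE = [
    '24.60.93.48 - - [07/Dec/2003:14:39:47 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 327 "-" "-"',
    '24.60.93.48 - - [07/Dec/2003:14:39:48 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 349 "-" "-"',
    '217.120.149.161 - - [07/Dec/2003:18:27:17 -0600] "GET /scripts/nsiislog.dll" 404 331 "-" "-"',
]

if __name__ == "__main__":
    for ip, reqs in summarize(SAMPLE).items():
        print(ip, reqs)
```

The status field is the one to read first: every flagged request here was answered with 404, meaning Apache had nothing at those paths to serve.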




