Hack attempts ??

 
Vernon Brown_2
Frequent Advisor

Hack attempts ??

Thanks to all your help I finally have my LAN connected to the Internet through my Linux server which is running the Apache server. Within minutes of getting Apache on-line I noticed what looks like hack attempts. Example:
66.189.91.28 - - [23/Apr/2002:23:42:01 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284 "-" "-"

Does anyone know what that is?
Ron Kinner
Honored Contributor
Solution

Re: Hack attempts ??

Vernon Brown_2
Frequent Advisor

Re: Hack attempts ??

Thanks Ron; I'll go to the URLs you posted and start researching.
Mark Fenton
Esteemed Contributor

Re: Hack attempts ??

Hack city.

There are several attacks out there that attempt to exploit a weakness in unpatched IIS (windoze) servers. Both Nimda and Code Red attempt to get the web server to run the CMD.EXE shell, and if they can get a response back on the attempt, go on to attempt various nefarious things.

While neither of these viruses is a threat to the commercial world (unless there's still someone out there running unpatched systems), they are running fairly freely through the illiterati that have constant internet connections and no concept of nor concern for security. I was seeing about 100 attempts per day until I got tired of all the logging and decided to blacklist every address that attempted the attack. My firewall takes a LONNNG time to start up now :) but my logs stay small.

http://www.securityfocus.com is a pretty good resource for info on current threats.

Best Regards

Mark
George_Dodds
Honored Contributor

Re: Hack attempts ??

Looks like Code Red; we had the same entries in our logs a while ago. Check for outgoing connections from your server, as it usually tries to bounce out to Windows servers. We had a couple of calls and had to pull the plug on the server till it was sorted.

Cheers

George
Vernon Brown_2
Frequent Advisor

Re: Hack attempts ??

Thanks for your responses!
My GET requests for cmd.exe are more like 1000 per day now. I grep'ed them into a text file and sent it to abuse@centurytel.net. All of my hits are coming from the CenturyTel DSL network.
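
Added example, not part of any post in this thread: a small Python triage script that goes one step past grepping for cmd.exe by tallying the probes per source address and flagging any that the server answered with a 2xx status instead of 404. The function names are hypothetical, and every sample log line except the first (quoted from the original question) is constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache common/combined log prefix: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# First line is from the thread; the rest are constructed test data.
SAMPLE_LOG = """\
66.189.91.28 - - [23/Apr/2002:23:42:01 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284 "-" "-"
66.189.91.28 - - [23/Apr/2002:23:42:03 -0500] "GET /c/winnt/system32/CMD%2EEXE?/c+dir HTTP/1.0" 404 284 "-" "-"
192.0.2.10 - - [23/Apr/2002:23:45:10 -0500] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"
198.51.100.7 - - [24/Apr/2002:00:01:55 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 512 "-" "-"
this line is not a log entry
"""

def summarize_probes(log_text):
    """Return {ip: {"hits", "first", "last", "statuses"}} for cmd.exe requests."""
    report = defaultdict(
        lambda: {"hits": 0, "first": None, "last": None, "statuses": set()})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        # Drop the query string, undo percent-encoding, ignore case.
        path = unquote(m["target"].split("?", 1)[0]).lower()
        if not path.endswith("/cmd.exe"):
            continue
        entry = report[m["ip"]]
        entry["hits"] += 1
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
        entry["statuses"].add(int(m["status"]))
    return dict(report)

def answered(report):
    """Sources whose probe got a 2xx reply (assumption: 2xx means it was served)."""
    return sorted(ip for ip, e in report.items()
                  if any(200 <= s < 300 for s in e["statuses"]))

if __name__ == "__main__":
    probes = summarize_probes(SAMPLE_LOG)
    for ip, e in sorted(probes.items()):
        print(ip, e["hits"], e["first"], e["last"], sorted(e["statuses"]))
    print("answered with 2xx:", answered(probes))
```

On an Apache server running on Linux every such request should come back 404, so an empty result from `answered` is the expected outcome; the per-address counts and timestamps are the kind of detail an abuse desk asks for.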