Odd Apache Log Entry... Code red?
Mike Coleman
mkc at mathdogs.com
Thu Aug 9 19:06:47 CDT 2001
"Steven L. Brendtro" <sbrendtro at home.com> writes:
> Now how about this one... there are several log entries that start with:
> "GET /scripts/..%c1%9c../winnt/system32/cmd.exe... - 404"
> followed by several hundred lines of binary looking garbage:
> "�;øv�‰FÈ‹NÈ+Á‰E"
Interesting. I found several requests like this, the oldest back on May
31st. (!) So apparently this exploit has been around a while.
I wonder if these requests are being generated by a worm, or manually by some
script kiddie.
--Mike
More information about the Kclug
mailing list