access my webserver using several weird pieces of crap. like :
i'm using apache webserver on a win 2k system

3394 62.172.162.92 /scripts/root.exe?/c+dir May 21, 2002, 10:17 am
3395 62.172.162.92 /MSADC/root.exe?/c+dir May 21, 2002, 10:17 am
3091 62.131.72.128 /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir May 20, 2002, 9:36 pm
3092 62.131.72.128 /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir May 20, 2002, 9:36 pm

now i suspect one of em of having nimda .. since when i visit the ip address at the http port my virus scanner picks up a nice nimda
now how do i contact the admin of this webserver ?
i mean i tried dns lookups and i didn't get a thing .. i want to warn these people ...i already put them in my deny from list :) but still ...
help me

Please do not post the URLs to infected servers. A curious unsuspecting user might type it in and become infected.
Best thing to do is block it and ignore it. The fact that they are still infected by Nimda leads me to believe they don't have an admin or they don't care.

first of all they are not url's :)
they are logs.
the first part is the log id line
then comes the ip address
then comes the path they tried to access.
then the date / time

i scanned my logs and came up with a veeeery long list of people ....
turns out they were using an iis scanner (or so says my classmate)
i added all those ip's to my deny from list :)
so they can't get on my webserver anymore.

i also reported them to my isp. and hopefully they will report it to their isp

Don't waste your time with that and simply ignore them. If the involved admin is too lazy or stupid to secure their system, he will not even read your warning anyway.
Otherwise, trying to trace and notify all the thousands of infected networks will become a full-time job!!!

These are automated scans for known vulnerabilities in IIS. Most likely the computers doing the scanning are infected with Nimda or something similar, without the owners' knowledge. As Danny Larouche said, trying to trace or report all of these rogue boxes would be a full-time job, and probably wouldn't be worth your time. A better idea would be to make sure your own box is as secure as possible.
Since you're running Apache, the vulnerabilities being scanned for don't apply to you. You should still make sure your OS is patched though. Hfnetchk can scan your system and tell you what hotfixes you're missing.
Anyway, if you still want to try and contact the owners of the boxes that are scanning you, whois can be a useful tool.
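
A way to triage a log like the one posted above, as an added example that is not part of the original thread: it decodes the `%c0%af` and `%c1%9c` sequences (overlong UTF-8 for `/` and `\`), tags each request, and groups the probes by source. The log layout follows the poster's description (id, IP, path, date/time); the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Constructed sample in the thread's log layout; 192.0.2.x are documentation placeholders.
SAMPLE_LOG = """\
101 192.0.2.10 /scripts/root.exe?/c+dir May 21, 2002, 10:17 am
102 192.0.2.10 /MSADC/root.exe?/c+dir May 21, 2002, 10:17 am
103 192.0.2.20 /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir May 20, 2002, 9:36 pm
104 192.0.2.20 /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir May 20, 2002, 9:36 pm
105 192.0.2.30 /index.html May 20, 2002, 9:40 pm
"""

LINE_RE = re.compile(r"^(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(.+)$")
# Lead bytes 0xC0/0xC1 can only start an overlong 2-byte sequence; valid UTF-8 never uses them.
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]")

def decode_overlong(raw):
    """Replace each overlong 2-byte sequence with the ASCII character it hides."""
    fix = lambda m: bytes([((m[0][0] & 0x1F) << 6) | (m[0][1] & 0x3F)])
    return OVERLONG.sub(fix, raw).decode("latin-1")

def classify(request):
    """Return the reasons a request looks like an automated IIS probe (empty if none)."""
    path, _, query = request.partition("?")
    raw = unquote_to_bytes(path)
    decoded = decode_overlong(raw).replace("\\", "/").lower()
    reasons = []
    if OVERLONG.search(raw):
        reasons.append("overlong-utf8")
    if "/../" in decoded or decoded.endswith("/.."):
        reasons.append("traversal")
    if decoded.rsplit("/", 1)[-1] in ("cmd.exe", "root.exe") and query.lower().startswith("/c+"):
        reasons.append("shell-exec")
    return reasons

def probes_by_source(log_text):
    """Map each source IP to the set of probe reasons seen in its requests."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        reasons = classify(m.group(3)) if m else []
        if reasons:
            hits[m.group(2)].update(reasons)
    return dict(hits)

if __name__ == "__main__":
    for ip, reasons in sorted(probes_by_source(SAMPLE_LOG).items()):
        print(ip, sorted(reasons))
```
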
Response Number 5 Reply:
hmm....the last few lines of my post got truncated. oh well. anyway, try
Response Number 6 Response Number 7 Reply:
[a href="http://www.samspade.org>www.samspade.org[/a]
The " after org. This is what killed the rest of your post.
[a href="http://www.samspade.org"]www.samspade.org[/a]