gien
2002-05-06, 10:06 AM
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2002-05-02 00:05:33
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2002-05-02 00:05:33 138.206.161.195 - WebServerIP 80 GET / - 401 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+4.0)
2002-05-02 00:20:41 61.77.111.18 - WebServerIP 80 GET /<Rejected-By-UrlScan> ~/scripts/root.exe 401 -
-以下全是這個 IP 的動作 61.77.111.18
/<Rejected-By-UrlScan> ~/MSADC/root.exe 401 -
/<Rejected-By-UrlScan> ~/c/winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/d/winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%255c../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%c1%1c../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%c0%2f../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%c0%af../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%c1%9c../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%%35%63../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%%35c../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%25%35%63../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%252f../winnt/system32/cmd.exe 401 -
是不是 61.77.111.18 嘗試著從我的執行 cmd.exe
該如何防範呢
贊助商連結
#Version: 1.0
#Date: 2002-05-02 00:05:33
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2002-05-02 00:05:33 138.206.161.195 - WebServerIP 80 GET / - 401 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+4.0)
2002-05-02 00:20:41 61.77.111.18 - WebServerIP 80 GET /<Rejected-By-UrlScan> ~/scripts/root.exe 401 -
-以下全是這個 IP 的動作 61.77.111.18
/<Rejected-By-UrlScan> ~/MSADC/root.exe 401 -
/<Rejected-By-UrlScan> ~/c/winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/d/winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%255c../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%c1%1c../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%c0%2f../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%c0%af../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%c1%9c../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%%35%63../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%%35c../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%25%35%63../winnt/system32/cmd.exe 401 -
/<Rejected-By-UrlScan> ~/scripts/..%252f../winnt/system32/cmd.exe 401 -
是不是 61.77.111.18 嘗試著從我的執行 cmd.exe
該如何防範呢
贊助商連結