
Is someone trying to hack my IIS web server?


Usalabs1

Technical User
Jun 29, 2003
131
US
I've just examined the log files and found this:-

08:18:57 69.132.100.195 - W3SVC1 POST /_vti_bin/_vti_aut/fp30reg.dll 400
10:47:43 83.216.224.54 - W3SVC1 POST /_vti_bin/_vti_aut/fp30reg.dll 500

Does this mean that someone is trying to hack and failing dismally?

I also found in one of the log file this:-

22:04:35 24.227.71.171 HEAD /index.htm 200
22:04:35 24.227.71.171 HEAD /MSADC/root.exe 404
22:04:36 24.227.71.171 HEAD /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe 404
22:04:36 24.227.71.171 HEAD /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe 404
22:04:37 24.227.71.171 HEAD /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe 404
22:04:37 24.227.71.171 HEAD /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe 404
22:04:37 24.227.71.171 HEAD /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe 404
22:04:38 24.227.71.171 HEAD /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe 404
22:04:38 24.227.71.171 HEAD /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe 404
22:04:38 24.227.71.171 HEAD /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe 404
22:04:39 24.227.71.171 HEAD /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
22:04:39 24.227.71.171 HEAD /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe 500
22:04:39 24.227.71.171 HEAD /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe 500
22:04:39 24.227.71.171 HEAD /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe 500
22:04:41 24.227.71.171 HEAD /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe 500
22:04:41 24.227.71.171 HEAD /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 500
22:04:41 24.227.71.171 HEAD /winnt/system32/cmd.exe 404
22:04:42 24.227.71.171 HEAD /winnt/system32/cmd.exe 404
22:04:42 24.227.71.171 HEAD /_vti_cnf/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 403
22:04:42 24.227.71.171 HEAD /winnt/system32/cmd.exe 404
22:04:43 24.227.71.171 HEAD /adsamples/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 404
22:04:43 24.227.71.171 HEAD /winnt/system32/cmd.exe 404
22:04:43 24.227.71.171 HEAD /c/winnt/system32/cmd.exe 404
22:04:44 24.227.71.171 HEAD /cgi-bin/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 404
22:04:44 24.227.71.171 HEAD /winnt/system32/cmd.exe 404
22:04:44 24.227.71.171 HEAD /d/winnt/system32/cmd.exe 404
22:04:45 24.227.71.171 HEAD /iisadmpwd/..%2f..%2f..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe 404
22:04:45 24.227.71.171 HEAD /winnt/system32/cmd.exe 404
22:04:45 24.227.71.171 HEAD /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 404
22:04:46 24.227.71.171 HEAD /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 404
22:04:46 24.227.71.171 HEAD /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 404
22:04:46 24.227.71.171 HEAD /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 404
22:04:46 24.227.71.171 HEAD /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
22:04:47 24.227.71.171 HEAD /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
22:04:47 24.227.71.171 HEAD /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 404
22:04:47 24.227.71.171 HEAD /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
22:04:48 24.227.71.171 HEAD /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 404
22:04:48 24.227.71.171 HEAD /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
22:04:48 24.227.71.171 HEAD /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe 404
22:04:48 24.227.71.171 HEAD /winnt/system32/cmd.exe 404
22:04:49 24.227.71.171 HEAD /msadc/..o../winnt/system32/cmd.exe 404
22:04:49 24.227.71.171 HEAD /msadc/..Á%pc../..Á%pc../..Á%pc../winnt/system32/cmd.exe 404
22:04:49 24.227.71.171 HEAD /msadc/..Á%pc../winnt/system32/cmd.exe 404
22:04:49 24.227.71.171 HEAD /winnt/system32/cmd.exe 404
22:04:51 24.227.71.171 HEAD /winnt/system32/cmd.exe 404
22:04:51 24.227.71.171 HEAD /msadc/..ð€€¯../..ð€€¯../..ð€€¯../winnt/system32/cmd.exe 404
22:04:51 24.227.71.171 HEAD /msadc/..ð€€¯../winnt/system32/cmd.exe 404
22:04:52 24.227.71.171 HEAD /msadc/..ø€€€¯../..ø€€€¯../..ø€€€¯../winnt/system32/cmd.exe 404
22:04:52 24.227.71.171 HEAD /msadc/..ø€€€¯../winnt/system32/cmd.exe 404
22:04:52 24.227.71.171 HEAD /samples/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 404
22:04:56 24.227.71.171 HEAD /winnt/system32/cmd.exe 404
22:04:56 24.227.71.171 HEAD /winnt/system32/cmd.exe 404
22:04:56 24.227.71.171 HEAD /scripts/.%2e/.%2e/winnt/system32/cmd.exe 404
22:04:57 24.227.71.171 HEAD /scripts/..%5c../winnt/system32/cmd.exe 404
22:04:57 24.227.71.171 HEAD /scripts/..%5c../winnt/system32/cmd.exe 404
22:04:57 24.227.71.171 HEAD /scripts/..%5c../winnt/system32/cmd.exe 404
22:04:58 24.227.71.171 HEAD /scripts/..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe 404
22:04:58 24.227.71.171 HEAD /scripts/..%2f../winnt/system32/cmd.exe 404
22:04:58 24.227.71.171 HEAD /scripts/..%5c%5c../winnt/system32/cmd.exe 404
22:05:00 24.227.71.171 HEAD /scripts/..%5c..%5cwinnt/system32/cmd.exe 404
22:05:00 24.227.71.171 HEAD /scripts/..%5c../winnt/system32/cmd.exe 404
22:05:00 24.227.71.171 HEAD /winnt/system32/cmd.exe 404
22:05:01 24.227.71.171 HEAD /scripts/..Á..Á..Á..Áwinnt/system32/cmd.exe 404
22:05:01 24.227.71.171 HEAD /winnt/system32/cmd.exe 404
22:05:01 24.227.71.171 HEAD /scripts/..À%9v../winnt/system32/cmd.exe 404
22:05:02 24.227.71.171 HEAD /winnt/system32/cmd.exe 404
22:05:02 24.227.71.171 HEAD /scripts/..À%qf../winnt/system32/cmd.exe 404
22:05:02 24.227.71.171 HEAD /scripts/..Á../winnt/system32/cmd.exe 404
22:05:03 24.227.71.171 HEAD /scripts/..Á%8s../winnt/system32/cmd.exe 404
22:05:03 24.227.71.171 HEAD /winnt/system32/cmd.exe 404
22:05:03 24.227.71.171 HEAD /scripts/..o../winnt/system32/cmd.exe 404
22:05:04 24.227.71.171 HEAD /scripts/..Á%pc../winnt/system32/cmd.exe 404
22:05:04 24.227.71.171 HEAD /winnt/system32/cmd.exe 404
22:05:04 24.227.71.171 HEAD /scripts/..ð€€¯../winnt/system32/cmd.exe 404
22:05:06 24.227.71.171 HEAD /scripts/..ø€€€¯../winnt/system32/cmd.exe 404
22:05:06 24.227.71.171 HEAD /scripts/..ü€€€€¯../winnt/system32/cmd.exe 404
22:05:06 24.227.71.171 HEAD /scripts/root.exe 404
22:05:07 24.227.71.171 HEAD /msadc/..ü€€€€¯../..ü€€€€¯../..ü€€€€¯../winnt/system32/cmd.exe 404

I presume that someone is trying to hack into my web server, is this correct? If so, how do I prevent further attacks?
 
Yes it is, just your average common or garden script attack.

You can't prevent it, just make sure it's tight.

Disable WebDAV if you don't need it and kill the FrontPage extensions if you don't use them.



Chris.

Indifference will be the downfall of mankind, but who cares?
A website that proves the cobblers kids adage.
Nightclub counting systems

So long, and thanks for all the fish.
 
How do I disable WebDAV? (I don't even know if it's enabled by default)

I don't need to kill the extensions as I use them for publishing via FP.
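A way to check logs like the ones posted above for probes that were actually answered, as an added example that is not part of the original thread. The function names are hypothetical, the target list is taken from the requests shown in the first post, and the last sample line (192.0.2.10, status 200) is constructed to show what a hit would look like.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Both layouts in the post: "time ip [- W3SVC1] METHOD uri status".
LINE = re.compile(r"^(\S+)\s+(\S+)\s+(?:-\s+\S+\s+)?([A-Z]+)\s+(\S+)\s+(\d{3})$")
# File names requested by the scans in the post.
TARGETS = ("cmd.exe", "root.exe", "fp30reg.dll")

def decode_fully(uri, rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised too."""
    for _ in range(rounds):
        uri, prev = unquote(uri, errors="replace"), uri
        if uri == prev:
            break
    return uri

def is_probe(uri):
    # Treat backslash and slash alike, as the Windows path handling would.
    path = decode_fully(uri).replace("\\", "/").lower()
    return "../" in path or any(t in path for t in TARGETS)

def summarize(lines):
    """Per client IP: probe count, status codes seen, probes answered 2xx."""
    report = defaultdict(lambda: {"probes": 0, "statuses": set(), "answered": []})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        _time, ip, _method, uri, status = m.groups()
        if is_probe(uri):
            entry = report[ip]
            entry["probes"] += 1
            entry["statuses"].add(int(status))
            if status.startswith("2"):
                entry["answered"].append(uri)
    return dict(report)

# First six lines are copied from the post; the last one is constructed.
SAMPLE = """\
08:18:57 69.132.100.195 - W3SVC1 POST /_vti_bin/_vti_aut/fp30reg.dll 400
22:04:35 24.227.71.171 HEAD /index.htm 200
22:04:35 24.227.71.171 HEAD /MSADC/root.exe 404
22:04:39 24.227.71.171 HEAD /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe 500
22:04:45 24.227.71.171 HEAD /iisadmpwd/..%2f..%2f..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe 404
22:04:56 24.227.71.171 HEAD /scripts/.%2e/.%2e/winnt/system32/cmd.exe 404
22:10:00 192.0.2.10 GET /scripts/..%5c../winnt/system32/cmd.exe 200
""".splitlines()
for ip, e in summarize(SAMPLE).items():
    print(ip, e["probes"], sorted(e["statuses"]), "answered 2xx:", e["answered"])
```

An empty "answered" list for an address means every probe from it was refused; any entry there is a request to investigate first.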
 