Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Is this a hack attempt?

Status
Not open for further replies.
paulray

paulray

Technical User
Mar 6, 2003
49
CA
In our IIS logs, we show date, time ip address and HEAD. What does HEAD mean? After HEAD there appears to be an attempt to run CMD.EXE or ROOT.EXE from different folders, including system32, scripts, _mem_bin, _vti_bin etc... In all cases the result code was 401 access denied.
Thanks
Paul
 
Sort by date Sort by votes
A HTTP HEAD command just tells the server to respond with the page headers only, and yes it is a scripting attack on one of the many buffer overflow holes in IIS.




Chris.

Indifference will be the downfall of mankind, but who cares?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
1K
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
826
DrB0b
DrB0b
juniper911
  • Locked
  • Question
Smartcard PIN Cache - is it configurable?
Replies
0
Views
268
juniper911
juniper911
maybeimaleo
  • Locked
  • Question
Is There a Best Windows OS to Upgrade a CA Server to?
Replies
5
Views
433
maybeimaleo
maybeimaleo
techbrain1
  • Locked
  • Question
Trust relationship issue 1
Replies
3
Views
783
araheusaff
araheusaff

Part and Inventory Search

Sponsor

Back
Top