|
Strange visitor on all domains
What this means... today, all of my domains from one server shows on log files the same thing:
[Mon Feb 2 11:40:10 2004] [error] [client 216.220.224.17] File does not exist: /scripts/..%5c%5c../winnt/system32/cmd.exe I have checked about 100 domains hosted from this server (Apache) with unique IPs and those domains are not all linked anyway... Just few of them. Even unused / empty domains shows same alien on logs. Cant get any info about: 216.220.224.17 Is this some worm scanning IP space or how this is possible? |
Its just someone searching for holes in your system . dont worry they didnt find it.
|
OrgName: Mid-Maine Communications
OrgID: MIDM Address: 44 Broadway City: Bangor StateProv: ME PostalCode: 04401 Country: US NetType: Direct Allocation NameServer: NS1.MIDMAINE.NET NameServer: NS2.MIDMAINE.NET Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE RegDate: 1999-05-03 Updated: 2002-12-11 OrgTechHandle: BWC7-ARIN OrgTechName: Cole, Brian W OrgTechPhone: +1-207-620-9962 OrgTechEmail: [email protected] |
Quote:
|
Yup it looks like just a regular joe. You could call his isp and find out rather quickly.
Just tell them someone from that ip is trying to access your command module. |
Ok, thanks. So, no problems at this time :)
|
Quote:
|
Nobody in particular is trying to get into your box.
It's a worm, I'd wager code red / nimda remnants. |
| All times are GMT -7. The time now is 05:45 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123