Hello all,
I've notice a bunch of entries in one of the website's access logs that I maintain:
209.42.72.248 - - [20/Sep/2003:07:25:29 -0400] "GET /scripts/nsiislog.dll" 404 7958 "-" "-"
217.58.109.249 - - [20/Sep/2003:17:38:09 -0400] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 7958 "-" "-"
12.149.96.228 - - [20/Sep/2003:23:02:53 -0400] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 7958 "-" "-"
207.17.189.23 - - [21/Sep/2003:07:22:22 -0400] "GET /scripts/nsiislog.dll" 404 7958 "-" "-"
210.180.96.11 - - [21/Sep/2003:12:47:43 -0400] "GET /scripts/nsiislog.dll HTTP/1.0" 404 7958 "-" "-"
I know that the cmd.exe entry is Nimba related and that both of these cmd.exe and nsisslog.dll only adversely affect IIS web servers.
Although I am a bit concerned to see these entries. Is there any need for concern since the website is hosted in a Linux RedHat server?
========================================
Buh Bye!
Cheers,
Me
I've notice a bunch of entries in one of the website's access logs that I maintain:
Code:
213.39.18.130 - - [20/Sep/2003:00:15:32 -0400] "GET /scripts/nsiislog.dll" 404 7958 "-" "-" 209.42.72.248 - - [20/Sep/2003:07:25:29 -0400] "GET /scripts/nsiislog.dll" 404 7958 "-" "-"
217.58.109.249 - - [20/Sep/2003:17:38:09 -0400] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 7958 "-" "-"
12.149.96.228 - - [20/Sep/2003:23:02:53 -0400] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 7958 "-" "-"
207.17.189.23 - - [21/Sep/2003:07:22:22 -0400] "GET /scripts/nsiislog.dll" 404 7958 "-" "-"
210.180.96.11 - - [21/Sep/2003:12:47:43 -0400] "GET /scripts/nsiislog.dll HTTP/1.0" 404 7958 "-" "-"
I know that the cmd.exe entry is Nimba related and that both of these cmd.exe and nsisslog.dll only adversely affect IIS web servers.
Although I am a bit concerned to see these entries. Is there any need for concern since the website is hosted in a Linux RedHat server?
========================================
Buh Bye!
Cheers,
Me
Linux RedHat: Nimba virus & nsiislog.dll