![]() ![]() ![]() ![]() |
|||||
|
|||||
樓主 哄哄我 ![]()
![]() |
======================================== [03-21-2002 - 03:06:08] Client at 61.158.120.149: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='3', Raw URL='/scripts/root.exe' [03-21-2002 - 03:06:08] Client at 61.158.120.149: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='3', Raw URL='/MSADC/root.exe' [03-21-2002 - 03:06:12] Client at 61.158.120.149: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='3', Raw URL='/c/winnt/system32/cmd.exe' [03-21-2002 - 03:06:12] Client at 61.158.120.149: URL contains extension '.exe', which is disallowed. Request will be rejected. Site Instance='3', Raw URL='/d/winnt/system32/cmd.exe' [03-21-2002 - 03:06:15] Client at 61.158.120.149: URL normalization was not complete after one pass. Request will be rejected. Site Instance='3', Raw URL='/scripts/..%255c../winnt/system32/cmd.exe' [03-21-2002 - 03:06:16] Client at 61.158.120.149: URL normalization was not complete after one pass. Request will be rejected. Site Instance='3', Raw URL='/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe' [03-21-2002 - 03:06:19] Client at 61.158.120.149: URL normalization was not complete after one pass. Request will be rejected. Site Instance='3', Raw URL='/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe' [03-21-2002 - 03:06:19] Client at 61.158.120.149: URL normalization was not complete after one pass. Request will be rejected. Site Instance='3', Raw URL='/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe' [03-21-2002 - 03:06:20] Client at 61.158.120.149: URL contains high bit character. Request will be rejected. Site Instance='3', Raw URL='/scripts/..%c1%1c../winnt/system32/cmd.exe' [03-21-2002 - 03:06:20] Client at 61.158.120.149: URL contains high bit character. Request will be rejected. Site Instance='3', Raw URL='/scripts/..%c0%2f../winnt/system32/cmd.exe' [03-21-2002 - 03:06:23] Client at 61.158.120.149: URL contains high bit character. Request will be rejected. Site Instance='3', Raw URL='/scripts/..%c0%af../winnt/system32/cmd.exe'
本篇文章發表於2002-03-22 09:04
|
1樓
最有價值解答
sabcat ![]() |
那是對方主機中毒 像是nimda之類的
那些root.exe 其實只是改名後的cmd.exe複本 它在try你的主機是否有unicode漏洞
本篇文章回覆於2002-03-22 09:11
== 簽名檔 ==
--未登入的會員無法查看對方簽名檔-- |
2樓
作者回應
哄哄我 ![]() |
那我可以不要用urlscan檔下它嗎?因為我要用FRONTPAGE的SERVER EXTENTION來更改網頁,而URLSCANEXE會檔所有的EXE執行檔,這樣我就不能用FRONTPAGE來直接更新網頁了。不檔會不會讓我的主機也中毒,或是被找到漏洞
本篇文章回覆於2002-03-22 10:39
== 簽名檔 ==
--未登入的會員無法查看對方簽名檔-- |
3樓 |
我是沒裝那個lockdown啦~@@~因為我的主機在防火牆後
所以我也不清楚是否能不用urlscan 但是...若你的IIS做過了PATCH~那就可以不用裝LOCKDOWN了吧@@? 這方面我並不清楚..SO~幫不上忙..看看是否有其它懂的人能伸出援手吧 SORRY~NE
本篇文章回覆於2002-03-22 11:01
== 簽名檔 ==
--未登入的會員無法查看對方簽名檔-- |
回覆 |
如要回應,請先登入. |