Security Worry!!!

I have checked my access log on Apache & have found several entries some of which i have placed below. Does this meen that someone has accessed my actual harddrive???

"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 316

62.254.163.34 - - [31/Dec/2001:06:32:21 +0000] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315

The IP address is not my own, but may be that of my ISP provider. I am a little confused as i have not really started to promote my web site for people to access as of yet

Worried

Phil

Have you ever heard of CodeRed?

I have heard the term i have full virus protection enabled & have scanned for the virus 1 & 2, not traces Etc found. did the sample of log that i submitted lead you to believe that this is the culprit.

Kind regards


Phil

>> but no nothing about it

Why don't you search google using the exact log entry as your search keyword?

GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315

>> Could you please explain further

It has been well-explained all over the web.

>> does the sample of log that i submitted lead you to believe that this is the culprit

CodeRed version 2.

Asking such question at this time tells me you are likely first day running a web server. CodeRed has been discovered for age, it's not something new recently.

Finally, just don't worry if you are running Apache.

I have done all you have just posted & scanned Etc. I did not mean to waste your time.

Regards

Phil