Security Incidents mailing list archives

Re: Unusual URLs sent to IIS 5.0 server

From: "Cook, Oliver" <o.cook () ETONCOLLEGE ORG UK>
Date: Fri, 24 Nov 2000 15:42:51 -0000

It looks like some warez has been saved on your server at some stage and
people have come back to see if it's still there... Error 403 is the HTTP
forbidden code; so I assume the files are still there, but someone
disallowed access...

Ollie

-----Original Message-----
From: H Carvey [mailto:keydet89 () YAHOO COM]
Sent: 21 November 2000 22:06
To: INCIDENTS () SECURITYFOCUS COM
Subject: Unusual URLs sent to IIS 5.0 server


For several days, I have been seeing the
following URLs (and similar ones) in my web
server logs:

/Data/prev.+updates/2000/.+++t/.++++++
+++++++++++++++++++++++++++++
++++++++++damn/I+++++am+++++++
++++++++++++++++so/h+++++u++++
++n++++++g+++++++r+++y/-=ISOZ=-
/No_One_Lives_Forever-RAZOR1911/

and

/Data/prev.[1]updates/2000/.[3]t/.[45]damn/I
[5]am[23]so/h[5]u[6]n[6]g[7]r[3]y/

The response code is 403.

Can anyone tell me what this is?

Thanks,

./Carv

Current thread:

Unusual URLs sent to IIS 5.0 server H Carvey (Nov 24)
- Re: Unusual URLs sent to IIS 5.0 server Filipe Almeida (Nov 28)
- Re: Unusual URLs sent to IIS 5.0 server Josh Brandt (Nov 29)
- <Possible follow-ups>
- Re: Unusual URLs sent to IIS 5.0 server Cook, Oliver (Nov 28)
- Re: Unusual URLs sent to IIS 5.0 server joe (Nov 28)