Security Incidents mailing list archives
Re: Unusual URLs sent to IIS 5.0 server
From: "Cook, Oliver" <o.cook () ETONCOLLEGE ORG UK>
Date: Fri, 24 Nov 2000 15:42:51 -0000
It looks like some warez has been saved on your server at some stage and people have come back to see if it's still there... Error 403 is the HTTP forbidden code; so I assume the files are still there, but someone disallowed access... Ollie
-----Original Message----- From: H Carvey [mailto:keydet89 () YAHOO COM] Sent: 21 November 2000 22:06 To: INCIDENTS () SECURITYFOCUS COM Subject: Unusual URLs sent to IIS 5.0 server For several days, I have been seeing the following URLs (and similar ones) in my web server logs: /Data/prev.+updates/2000/.+++t/.++++++ +++++++++++++++++++++++++++++ ++++++++++damn/I+++++am+++++++ ++++++++++++++++so/h+++++u++++ ++n++++++g+++++++r+++y/-=ISOZ=- /No_One_Lives_Forever-RAZOR1911/ and /Data/prev.[1]updates/2000/.[3]t/.[45]damn/I [5]am[23]so/h[5]u[6]n[6]g[7]r[3]y/ The response code is 403. Can anyone tell me what this is? Thanks, ./Carv
Current thread:
- Unusual URLs sent to IIS 5.0 server H Carvey (Nov 24)
- Re: Unusual URLs sent to IIS 5.0 server Filipe Almeida (Nov 28)
- Re: Unusual URLs sent to IIS 5.0 server Josh Brandt (Nov 29)
- <Possible follow-ups>
- Re: Unusual URLs sent to IIS 5.0 server Cook, Oliver (Nov 28)
- Re: Unusual URLs sent to IIS 5.0 server joe (Nov 28)