Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Strange User Tracking entries - Help!


Mark Russell

Recommended Posts

These very strange URLs appear on my user tracking page in Admin as the point of entry to my website. I've now seen these for a couple of days and they usually appear as multiple sessions over a short timeframe. Like a spider? Example below. User Tracking is showing these as pages on MY site and not as referring URLs. The host listed is the referer and the time/URL is what is supposedly the entry point of my site.

 

Any ideas what this is?

 

Thanks, Mark

 

Host: 211.239.35.104 09:31:20: /scripts/root.exe?/c+dir

Host: 211.239.35.104 09:31:23: /MSADC/root.exe?/c+dir

Host: 211.239.35.104 09:31:25: /c/winnt/system32/cmd.exe?/c+dir

Host: 211.239.35.104 09:31:33: /scripts/..%255c../winnt/system32/cmd.exe?/c+dir

Link to comment
Share on other sites

This is script kiddies trying to access files on your server. There is a well known exploit on Windows servers which uses these particular files.

 

If you are on a *nix server, just ignore them - if you are on a Win server, speak with your server admin to make sure the box is patched.

Link to comment
Share on other sites

I've just checked, if you are talking about your tights site, the server is:

 

Server: Apache/1.3.27 Ben-SSL/1.48 (Unix) mod_dtcl mod_python/2.7.6 Python/2.1.2 mod_throttle/2.11 mod_perl/1.27 PHP/4.2.3 FrontPage/4.0.4.3 rus/PL30.16

 

So you are fine, just ignore those entries...

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...