Hackers giving me sc-win32-status 2

2 replies

Last post Nov 25, 2018 04:11 AM by lextm

  • Hackers giving me sc-win32-status 2

    Nov 24, 2018 12:06 PM|ron1273PM|LINK

    Scriptkiddies giving me headaches. Having sometimes four or five attacks of this kind:

    2018-11-24 07:36:25 192.168.2.35 GET /help.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:26 192.168.2.35 GET /java.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:25 192.168.2.35 GET /webdav/ - - 111.230.224.224 77.174.246.127:80 2
    2018-11-24 07:36:25 192.168.2.35 PROPFIND / - - 111.230.224.224 localhost 1
    2018-11-24 07:36:30 192.168.2.35 GET /_query.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:30 192.168.2.35 GET /test.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:32 192.168.2.35 GET /db_cts.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:32 192.168.2.35 GET /db_pma.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:32 192.168.2.35 GET /logon.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:33 192.168.2.35 GET /help-e.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:33 192.168.2.35 GET /license.php - - 111.230.224.224 77.174.246.127 50
    2018-11-24 07:36:33 192.168.2.35 GET /log.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:34 192.168.2.35 GET /pmd_online.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:34 192.168.2.35 GET /hell.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:36 192.168.2.35 GET /x.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:36 192.168.2.35 GET /shell.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:36 192.168.2.35 GET /htdocs.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:37 192.168.2.35 GET /desktop.ini.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:39 192.168.2.35 GET /lala-dpr.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:37 192.168.2.35 GET /z.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:39 192.168.2.35 GET /wpc.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:39 192.168.2.35 GET /wpo.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:40 192.168.2.35 GET /wp-config.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:40 192.168.2.35 GET /text.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:42 192.168.2.35 GET /muhstik.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:42 192.168.2.35 GET /muhstiks.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:44 192.168.2.35 GET /lol.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:44 192.168.2.35 GET /uploader.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:44 192.168.2.35 GET /muhstik-dpr.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:45 192.168.2.35 GET /cmd.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:45 192.168.2.35 GET /cmx.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:45 192.168.2.35 GET /cmv.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:46 192.168.2.35 GET /cmdd.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:46 192.168.2.35 GET /knal.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:48 192.168.2.35 GET /shell.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:48 192.168.2.35 GET /appserv.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:48 192.168.2.35 GET /cmd.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:49 192.168.2.35 GET /scripts/setup.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:49 192.168.2.35 GET /phpmyadmin/scripts/setup.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:49 192.168.2.35 GET /phpMyAdmin/scripts/setup.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:50 192.168.2.35 GET /phpMyAdmin/scripts/db___.init.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:50 192.168.2.35 GET /phpmyadmin/scripts/db___.init.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:52 192.168.2.35 GET /plugins/weathermap/editor.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:52 192.168.2.35 GET /cacti/plugins/weathermap/editor.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:52 192.168.2.35 POST /wuwu11.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:54 192.168.2.35 POST /xw1.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:54 192.168.2.35 POST /xw.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:57 192.168.2.35 POST /wc.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:36:58 192.168.2.35 POST /xx.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:00 192.168.2.35 POST /w.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:00 192.168.2.35 POST /sheep.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:01 192.168.2.35 POST /db.init.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:00 192.168.2.35 POST /qaq.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:01 192.168.2.35 POST /db_session.init.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:01 192.168.2.35 POST /db__.init.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:03 192.168.2.35 POST /wp-admins.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:03 192.168.2.35 POST /m.php pbid=open - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:04 192.168.2.35 POST /db_desql.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:03 192.168.2.35 POST /db_dataml.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:04 192.168.2.35 POST /mx.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:04 192.168.2.35 POST /wshell.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:06 192.168.2.35 POST /xshell.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:06 192.168.2.35 POST /qq.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:08 192.168.2.35 POST /lindex.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:08 192.168.2.35 POST /phpstudy.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:09 192.168.2.35 POST /weixiao.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:08 192.168.2.35 POST /phpStudy.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:09 192.168.2.35 POST /feixiang.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:09 192.168.2.35 POST /ak47.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:11 192.168.2.35 POST /ak48.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:11 192.168.2.35 POST /xiao.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:11 192.168.2.35 POST /yao.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:13 192.168.2.35 POST /defect.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:13 192.168.2.35 POST /webslee.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:13 192.168.2.35 POST /q.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:14 192.168.2.35 POST /pe.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:16 192.168.2.35 POST /cainiao.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:16 192.168.2.35 POST /zuoshou.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:16 192.168.2.35 POST /zuo.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:17 192.168.2.35 POST /aotu.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:17 192.168.2.35 POST /bak.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:20 192.168.2.35 POST /l6.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:17 192.168.2.35 POST /cmd.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:20 192.168.2.35 POST /l7.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:20 192.168.2.35 POST /l8.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:22 192.168.2.35 POST /56.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:22 192.168.2.35 POST /q.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:22 192.168.2.35 POST /mz.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:23 192.168.2.35 POST /xx.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:23 192.168.2.35 POST /yumo.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:24 192.168.2.35 POST /min.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:27 192.168.2.35 POST /wan.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:27 192.168.2.35 POST /wanan.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:27 192.168.2.35 POST /ssaa.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:31 192.168.2.35 POST /aw.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:31 192.168.2.35 POST /12.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:32 192.168.2.35 POST /ak.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:31 192.168.2.35 POST /hh.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:35 192.168.2.35 POST /ip.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:35 192.168.2.35 POST /infoo.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:36 192.168.2.35 POST /qwe.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:36 192.168.2.35 POST /qq.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:36 192.168.2.35 POST /1213.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:38 192.168.2.35 POST /post.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:39 192.168.2.35 POST /aaaa.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:39 192.168.2.35 POST /h1.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:39 192.168.2.35 POST /test.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:41 192.168.2.35 POST /3.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:41 192.168.2.35 POST /phpinfi.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:41 192.168.2.35 POST /9510.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:44 192.168.2.35 POST /default.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:44 192.168.2.35 POST /sean.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:45 192.168.2.35 POST /help.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:44 192.168.2.35 POST /app.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:48 192.168.2.35 POST /miao.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:49 192.168.2.35 POST /xz.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:49 192.168.2.35 POST /linuxse.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:52 192.168.2.35 POST /zuoindex.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:52 192.168.2.35 POST /zshmindex.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:53 192.168.2.35 POST /ceshi.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:52 192.168.2.35 POST /tomcat.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:53 192.168.2.35 POST /1hou.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:55 192.168.2.35 POST /ou2.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:55 192.168.2.35 POST /zuos.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:55 192.168.2.35 POST /zuoss.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:56 192.168.2.35 POST /zuoshss.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:59 192.168.2.35 POST /she.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:37:59 192.168.2.35 POST /s.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:38:01 192.168.2.35 POST /test.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:38:01 192.168.2.35 POST /qw.php - - 111.230.224.224 77.174.246.127 2
    2018-11-24 07:38:01 192.168.2.35 POST /caonma.php - - 111.230.224.224 77.174.246.127 2

    There's always that error code 2 at the end. Am I safe, or can I take countermeasures to prevent these attacks?

  • Re: Hackers giving me sc-win32-status 2

    Nov 24, 2018 05:42 PM|Rovastar|LINK

    I presume these files do not exist. If so nothing to really worry about.

    Troubleshoot IIS in style
    https://www.leansentry.com/
  • Re: Hackers giving me sc-win32-status 2

    Nov 25, 2018 04:11 AM|lextm|LINK

    Depending on how you set up PHP on IIS, https://blog.lextudio.com/who-should-be-contacted-for-php-on-iis-issues-c80b90bd365 the meaning of "sc-win32-status 2" varies.

    If you do use FastCGI, then the status code is written by iisfcgi.dll, which has its own purposes (Microsoft did not document that clearly in documentation), but in general it is the status code, the sub-status code and the message body returned in the responses that matter. That determines what the effect of the attacks is (information leakage, or other bad things). Only when everything is clear to you can it be decided what to do next.

    So you do need to check a broader scope, ideally with a security expert. Merely posting on a forum like this won't easily give you the guidance you need.

    Lex Li
    Affordable IIS Consulting Services at https://support.lextudio.com/services/consulting.html
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
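
Added example, not part of any post in this thread: a small triage script for log lines in the shape posted above. It counts, per client IP, the requests that ended in sc-win32-status 2 and lists every request that ended in any other value so those can be reviewed by hand. The field order, the `probe_threshold` parameter and the function names are assumptions made for this example, and the Win32 names are the standard meanings of those codes, which, as the last reply notes, may not apply under FastCGI.

```python
from collections import defaultdict

# Field order inferred from the posted lines (assumption); the authoritative
# order is in the "#Fields:" header of the actual log file.
FIELDS = ["date", "time", "s-ip", "cs-method", "cs-uri-stem", "cs-uri-query",
          "cs-username", "c-ip", "cs-host", "sc-win32-status"]

# Standard Win32 error names for the values that occur in the posted log.
WIN32 = {0: "ERROR_SUCCESS", 1: "ERROR_INVALID_FUNCTION",
         2: "ERROR_FILE_NOT_FOUND", 50: "ERROR_NOT_SUPPORTED"}

# Sample input: eight lines copied from the first post.
SAMPLE = """\
2018-11-24 07:36:25 192.168.2.35 GET /help.php - - 111.230.224.224 77.174.246.127 2
2018-11-24 07:36:25 192.168.2.35 PROPFIND / - - 111.230.224.224 localhost 1
2018-11-24 07:36:33 192.168.2.35 GET /license.php - - 111.230.224.224 77.174.246.127 50
2018-11-24 07:36:36 192.168.2.35 GET /shell.php - - 111.230.224.224 77.174.246.127 2
2018-11-24 07:36:40 192.168.2.35 GET /wp-config.php - - 111.230.224.224 77.174.246.127 2
2018-11-24 07:36:52 192.168.2.35 POST /wuwu11.php - - 111.230.224.224 77.174.246.127 2
2018-11-24 07:37:03 192.168.2.35 POST /m.php pbid=open - 111.230.224.224 77.174.246.127 2
2018-11-24 07:37:17 192.168.2.35 POST /cmd.php - - 111.230.224.224 77.174.246.127 2
""".splitlines()

def parse(lines):
    """Yield one dict per well-formed log line; skip headers and malformed lines."""
    for line in lines:
        parts = line.split()
        if len(parts) != len(FIELDS) or line.startswith("#") or not parts[-1].isdigit():
            continue
        rec = dict(zip(FIELDS, parts))
        rec["sc-win32-status"] = int(parts[-1])
        yield rec

def triage(lines, probe_threshold=5):
    """Group by client IP: count status-2 requests, collect everything else for review."""
    by_ip = defaultdict(lambda: {"not_found": 0, "review": []})
    for rec in parse(lines):
        entry, code = by_ip[rec["c-ip"]], rec["sc-win32-status"]
        if code == 2:
            entry["not_found"] += 1
        else:
            entry["review"].append((rec["cs-method"], rec["cs-uri-stem"],
                                    code, WIN32.get(code, "unknown")))
    for entry in by_ip.values():
        # Many not-found requests from one address is the pattern of a path scanner.
        entry["scanner"] = entry["not_found"] >= probe_threshold
    return dict(by_ip)

if __name__ == "__main__":
    for ip, entry in triage(SAMPLE).items():
        print(ip, entry)
```

The posted lines carry no sc-status or sc-substatus column, so the HTTP response that the last reply says matters cannot be read from this log; the two entries in `review` (`PROPFIND /` and `/license.php`) are the ones to look up first.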