I wonder what in hell this person in China was trying to do?

- -> /adminhh/ytpylogin.asp 61.191.53.53
- -> /adminhh/login.asp 61.191.53.53
- -> /adminhh/login.asp 61.191.53.53
- -> /database/pibuaddsfedsffdsggfhhdf.asa 61.191.53.53
- -> /database/addsfedsffdsggfhhdf.asa 61.191.53.53
- -> /database/addsfedsffdsggfhhdf.asa 61.191.53.53
- -> /database/fqtmaaddsfedsffdsggfhhdf.asa 61.191.53.53
- -> /database/aaddsfedsffdsggfhhdf.asa 61.191.53.53
- -> /database/aaddsfedsffdsggfhhdf.asa 61.191.53.53

Nothing good, I'm sure.

UPDATE: Presumably they were looking for some sort of vulnerability in a Windows Server, since that's what ASP runs on. Still, it's a weird one.

There's another thing I've seen off and on over the years where someone tries to access a specific GIF file in one of two specific directories, and when they don't find them they go away. I've always assumed they were using that as a way of determining if a certain specific software package or server package was present. Presumably if they did find it they would then launch some sort of targeted attack. Since they never did (neither directory exists here) they left me alone.

Posted by: Steven Den Beste in Site Stuff at 01:01 PM | No Comments | Add Comment
Post contains 165 words, total size 1 kb.