cactus
+ Reply to Thread
Results 1 to 6 of 6

Thread: Is this a hacking attempt?

  1. #1
    Unregistered Guest

    Is this a hacking attempt?

    I have had a website up for less than a month and it is not registered with any search engine. However, other than some friends who have been on it, I have seen many other IPs requesting files that do not exits on the server. On closer inspection, it appeared to be an attempt to hack my webserver. The strings in the log would look something like this:

    GET /scripts/winnt/cmd.exe?/c+dir

    Now, it looks to me like someone trying to access my C Drive. Is it? Or am I just being paranoid? If it isn't, then why are these people trying to request files that don't exist on a site they couldn't possibly have heard of? Are they just running some program that cycles through IP ranges and pings each one?

  2. #2
    Join Date
    Jun 2001
    Posts
    398
    hi,

    yes,it looks like an attempt to crack and execute command s remotely.

    Data.

  3. #3
    Join Date
    Apr 2002
    Posts
    180

    Re: Is this a hacking attempt?

    YES,
    by all means it's a hacking attempt very "on vogue" these days.
    we see it on many servers..

    if you are running microsoft IIS 4 or 5 server then YOU are concerned, otherwise do not worry.

    the hackers attempt to abuse an exploit called unicode on
    NT os systems running microsoft IIS servers.
    they try to install hiddenly a sort of FTP and/or TFTP server (but not on port 2*)
    in order to share files secretly.
    they call it "pubstro" for public storage.

    verify your open ports and close those that are not allowed.
    verify your firewall.
    update microsoft IIS server (if you run one)
    use commview (that you can download from this site, if it's not already done)

    here's more info on pubstro

    [url]http://2*6.2**.*7.*00/search?q=cache:*hUbz5Cgw*cC:www.esec.dk/pubstro.pdf+pubstro&hl=en&ie=UTF-8[/url]

    [url]http://www.dslreports.com/forum/remark,42425*7~root=security,*~mode=flat[/url]



    -----------
    fEǚ.法Er

  4. #4
    Unregistered Guest
    It is either a code red worm or nimbda infected computer trying to run these scripts on your computer. If you are running a windows server with IIS you are vulnerable. Make you have all the latest updates and service packs applied on your machine. If this is a Linux machine running Apache you have nothing to worry about. These infected machine scan IP addresses at random.

  5. #5
    Unregistered Guest
    most likely it is a virus like the above mentioned or some "L**t Kiddi*" got a exploit scanner and just pointed it your direction.

    exa: your ip is *27.22*.*7.8 and they tell the scanner to scan from *27.22*.*5.0 to *27.22*.20.255.

    then what it does is notes any machines that respond back with
    "HTTP/*.* 200 OK" for example, means that the computer is suseptable to the exploit. if not, it would respond back with "HTTP/*.* 500 Server Error" for example. I wouldnt worry about it because it if you are all patched up or not running IIS it would just pass over you and not make a note of your server. However I would definitely print out a copy for future referrence.

    if they were trying to exploit your system, it would have been something like GET /scripts/winnt/cmd.exe?/c+ping.exe+(some variables)+(an ip address)

    hope this helps

  6. #6
    Unregistered Guest
    your a bit lost....what that is ,,,,is irc chat server trying to acess and share files,,,,,,the get is a file add in for mirc do some research it,s kinda like napster or kazaa..........GET look for qirc v.2 or m irc it explains everything......

+ Reply to Thread

Similar Threads

  1. Hacking ** & IRC
    By Bighomedog11 in forum Internet Privacy
    Replies: 2
    Last Post: 10-19-2008, 10:12 PM
  2. IP Hacking
    By BBTxHITMANxBBT in forum Programming
    Replies: 3
    Last Post: 10-25-2007, 06:20 AM
  3. useful hacking
    By ~~smart~fool~~ in forum Security & Encryption
    Replies: 24
    Last Post: 12-24-2006, 12:07 PM
  4. hacking...
    By ABHIS in forum Internet Privacy
    Replies: 3
    Last Post: 02-11-2005, 12:46 PM
  5. is this a virus or an attempt to trace
    By doxxebell in forum Internet Privacy
    Replies: 3
    Last Post: 12-02-2002, 01:27 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts