Hacking attempt?

Glaanieboy

OSNN Veteran Addict
Joined
6 Mar 2002
Messages
2,628
I just checked my Apache2 logs and foudn this:
Code:
202.9.*.* - - [24/Oct/2003:21:39:46 +0200] "GET /scripts/nsiislog.dll" 404 306
(part of the IP has been removed for privacy issues)

I traced the IP back to a provider somewhere in India, since I don't know anyone in India and seeing that he/she is trying to access a IIS(?) log script(?), should I block the IP? Or is this normal?
 
probably a crawler/robot. As it says, they received a 404 anyway(?), so it shouldn't really matter.

Probably only really worth blocking the IP if it's a repeated event.
 
Don't worry, I get these in my 404 logs all the time:

/MSADC/root.exe?/c+dir

/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir

etc, that is the NIMDA or Code Red trojan, but I'm on FreeBSD :) so good luck infecting me.
 
Thats just nimda/code red.

I get about 5,000 of those request a day.
 
Well the most hack attempts I get are from the middle east or asia.

On the other hand I get a few via europe with the user having an asian or middle east server.

Probably better off just blocking their addie for the time being.
 
most of the attempts i get are from brazil. they got a real problem with hackers over there.
then i get the guys who try to hide their identity by using some a different IP. its really annoying.
 
I get em' from several parts of Asia and Brazil mainly, but none have been successful in penetrating my made-in-america defenses.;) :cool:
 
Just some general comments to go out in no particular order:

1) Code Red or Nmida probes (or any worm activity for that matter) are not hacking attempts.

2) You can not be sure of the location of an "attacker" and it not important where they are anyway.

3) Chill out and be happy your protected :) Blacklist repetitive IPs that cause you grief.
 
I wonder if they could just send us the honey's from brazil and let the guys go nuke each other with their trojans and leave the chicks to us red blooded sport minded guys ;)
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back