hack attempt?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • HQ
    Confirmed User
    • Jan 2001
    • 3539

    #1

    hack attempt?

    I saw this in an error_log:

    [Xxx Xxxl xx xx:xx:xx 2002] [error] [client xx.xx.xxx.xxx] File does not exist: /home/xxx/xxx.com/htdocs/scripts/..?ยจ??../winnt/system32/cmd.exe

    What file is this? And why was someone looking for it?
  • HQ
    Confirmed User
    • Jan 2001
    • 3539

    #2
    Shit, the two characters between the periods ".." did not show up properly... They are in the graphic range of the ASCII code.

    Comment

    • Phil21
      Confirmed User
      • May 2001
      • 993

      #3
      it's whatever IIS exploit.. i.e. codered and the like. No need to worry about it as you're running apache.

      -Phil
      Quality affordable hosting.

      Comment

      • HQ
        Confirmed User
        • Jan 2001
        • 3539

        #4
        Yeah I knew it was a windows thing and I had nothing to worry about. I was still curious about what was going on though... I figured it was a hacker.

        You'd think they'd be smarter and only try that shit on windows boxes.

        Comment

        • Lensman
          GFY Chaperone
          • Jan 2001
          • 9846

          #5
          He's trying a Windows exploit.

          Comment

          • JFPdude
            Confirmed User
            • Jan 2002
            • 4027

            #6
            It's the ever popular Nimbda virus....


            Some dumb fucks still haven't cleaned it out of thier systems.

            Comment

            • freeones
              Confirmed User
              • Jul 2001
              • 3406

              #7
              Originally posted by HQ
              I

              What file is this? And why was someone looking for it?
              Bill Gates was looking for some porn on your server. Don't worry

              The new FreeOnes! - AdultFilmStarContent - BabeGalleries and much more! - 1Strike Movies and much more! All powered by Xpressa

              Comment

              • HQ
                Confirmed User
                • Jan 2001
                • 3539

                #8
                Hehehe, that's bastard ALWAYS steals my shit! First "picture thingys", and now my porn!


                ----

                Interesting about the requested file above... is that the two messed up graphic characters (that showed up as these four characters for some reason "?ยจ??") were different on different 'hack' attempts. Wonder if it goes through all possibilities or what.

                Comment

                • pr0
                  rockin tha trailerpark
                  • May 2001
                  • 23088

                  #9
                  i get scanned for countless shit everyday

                  just wait till some script kiddy hits you with a exploit scanner
                  __________
                  Loadedca$h - get sum! - Revengebucks - mmm rebills! - webair (gotz sErVrz)

                  Comment

                  • HQ
                    Confirmed User
                    • Jan 2001
                    • 3539

                    #10
                    Fucking hacker:

                    [Mon Jul 15 20:27:33 2002] [error] [client 65.239.145.53] File does not exist: /
                    home/xxxx/xxxxxx/xxxxx/cgibin/formmail.pl
                    [Mon Jul 15 20:27:37 2002] [error] [client 65.239.145.53] File does not exist: /
                    home/xxxx/xxxxxx/xxxxx/cgi-local/formmail.cgi
                    [Mon Jul 15 20:27:42 2002] [error] [client 65.239.145.53] File does not exist: /
                    home/xxxx/xxxxxx/xxxxx/cgibin/formmail.cgi

                    Comment

                    • HQ
                      Confirmed User
                      • Jan 2001
                      • 3539

                      #11
                      Originally posted by pr0
                      just wait till some script kiddy hits you with a exploit scanner
                      What do you mean? I guess I get scanned all the time too, just never really analyzed the error logs until now. Do you have an auto-scan for this type of stuff?

                      Comment

                      • cyberpunk
                        Confirmed User
                        • Feb 2001
                        • 1377

                        #12
                        This shit happens all the time no worries
                        POST NO ADS!

                        Comment

                        • Backov
                          Confirmed User
                          • Mar 2001
                          • 1600

                          #13
                          Originally posted by HQ
                          Fucking hacker:

                          [Mon Jul 15 20:27:33 2002] [error] [client 65.239.145.53] File does not exist: /
                          home/xxxx/xxxxxx/xxxxx/cgibin/formmail.pl
                          [Mon Jul 15 20:27:37 2002] [error] [client 65.239.145.53] File does not exist: /
                          home/xxxx/xxxxxx/xxxxx/cgi-local/formmail.cgi
                          [Mon Jul 15 20:27:42 2002] [error] [client 65.239.145.53] File does not exist: /
                          home/xxxx/xxxxxx/xxxxx/cgibin/formmail.cgi
                          That's not a hacker, that's a spammer looking for an unsecured formmail to abuse.

                          Cheers,
                          Backov
                          <embed src="http://banners.spotbrokers.com/button.swf" FlashVars="clickURL=http://banners.spotbrokers.com" quality=high pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash" type="application/x-shockwave-flash" width="120" height="60"></embed>

                          Comment

                          • HQ
                            Confirmed User
                            • Jan 2001
                            • 3539

                            #14
                            Yeah I know, still a hacker to me!

                            Comment

                            • Dreamman010
                              Confirmed User
                              • Jan 2002
                              • 1081

                              #15
                              Originally posted by Backov


                              That's not a hacker, that's a spammer looking for an unsecured formmail to abuse.

                              Cheers,
                              Backov
                              little correction:

                              "That's not a hacker, that's a spammer looking for an insecured formmail to send spam through."
                              <a href="http://www2.famoushost.com/home.php" target="_blank"><b><FONT COLOR="FFFF00">www.FamousHost.com</font></b></a><br>Free Hosting With No Headers, Real FTP, <u>Get listed on the biggest TGP's with us!</u>

                              Comment

                              • Vagisil
                                Confirmed User
                                • Mar 2002
                                • 399

                                #16
                                Originally posted by Dreamman010


                                little correction:

                                "That's not a hacker, that's a spammer looking for an insecured formmail to send spam through."
                                you have a lot of time on your hands?
                                I fix your discharge.....

                                Comment

                                • Dreamman010
                                  Confirmed User
                                  • Jan 2002
                                  • 1081

                                  #17
                                  Originally posted by Vagisil


                                  you have a lot of time on your hands?
                                  lol, I have this automated program that scans for those automatically
                                  <a href="http://www2.famoushost.com/home.php" target="_blank"><b><FONT COLOR="FFFF00">www.FamousHost.com</font></b></a><br>Free Hosting With No Headers, Real FTP, <u>Get listed on the biggest TGP's with us!</u>

                                  Comment

                                  • hahmike
                                    So Fucking Banned
                                    • May 2002
                                    • 2488

                                    #18
                                    what is this guys?


                                    [Mon Jul 15 05:16:16 2002] [error] [client 195.22.11.214] File does not exist: /usr/local/psa/home/vhosts/******.com/httpdocs/MSOffice/cltreq.asp

                                    [Mon Jul 15 05:18:39 2002] [error] [client 195.22.11.214] File does not exist: /usr/local/psa/home/vhosts/******.com/httpdocs/_vti_bin/owssvr.dll

                                    Comment

                                    Working...