|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
02-02-2004, 02:01 PM
|
#1 |
|
Confirmed User
Join Date: Mar 2002
Location: Living in the bottle.
Posts: 590
|
Strange visitor on all domains
What this means... today, all of my domains from one server shows on log files the same thing:
[Mon Feb 2 11:40:10 2004] [error] [client 216.220.224.17] File does not exist: /scripts/..%5c%5c../winnt/system32/cmd.exe I have checked about 100 domains hosted from this server (Apache) with unique IPs and those domains are not all linked anyway... Just few of them. Even unused / empty domains shows same alien on logs. Cant get any info about: 216.220.224.17 Is this some worm scanning IP space or how this is possible?
__________________
|
|
|
|
02-02-2004, 02:04 PM
|
#2 |
|
So Fucking Banned
Join Date: Dec 2003
Location: South Of Heaven™
Posts: 3,880
|
Its just someone searching for holes in your system . dont worry they didnt find it.
|
|
|
|
|
02-02-2004, 02:07 PM
|
#3 |
|
So Fucking Banned
Industry Role:
Join Date: Apr 2003
Location: online
Posts: 8,766
|
OrgName: Mid-Maine Communications
OrgID: MIDM Address: 44 Broadway City: Bangor StateProv: ME PostalCode: 04401 Country: US NetType: Direct Allocation NameServer: NS1.MIDMAINE.NET NameServer: NS2.MIDMAINE.NET Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE RegDate: 1999-05-03 Updated: 2002-12-11 OrgTechHandle: BWC7-ARIN OrgTechName: Cole, Brian W OrgTechPhone: +1-207-620-9962 OrgTechEmail: [email protected] |
|
|
|
|
02-02-2004, 02:08 PM
|
#4 | |
|
So Fucking Banned
Industry Role:
Join Date: Apr 2003
Location: online
Posts: 8,766
|
Quote:
|
|
|
|
|
|
02-02-2004, 02:08 PM
|
#5 |
|
So Fucking Banned
Join Date: Dec 2003
Location: South Of Heaven™
Posts: 3,880
|
Yup it looks like just a regular joe. You could call his isp and find out rather quickly.
Just tell them someone from that ip is trying to access your command module. |
|
|
|
|
02-02-2004, 02:09 PM
|
#6 |
|
Confirmed User
Join Date: Mar 2002
Location: Living in the bottle.
Posts: 590
|
Ok, thanks. So, no problems at this time
__________________
|
|
|
|
|
02-02-2004, 02:10 PM
|
#7 | |
|
So Fucking Banned
Join Date: Dec 2003
Location: South Of Heaven™
Posts: 3,880
|
Quote:
|
|
|
|
|
|
02-02-2004, 02:12 PM
|
#8 |
|
Confirmed User
Join Date: Sep 2003
Location: Think of me as Chomsky with dick jokes.
Posts: 3,983
|
Nobody in particular is trying to get into your box.
It's a worm, I'd wager code red / nimda remnants. |
|
|
|
