• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

hack attempt??

X

xclansoldier

Junior Member
Hello.

I'm no expert in hacking. I'm not even a novice at it. But occassionally, I check my websites error logs to see what errors people are getting and why. Today I checked them because there was a network blackout that the datacenter did because it was replacing one of their main switches (according to their e-mail.) Anyways, when I checked it, I found this and it alarmed me a bit. Here is the copy of the log:

[Sun Nov 28 16:15:19 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/404.shtml
[Sun Nov 28 16:15:19 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/scripts/..%2f../winnt/system32/cmd.exe
[Sun Nov 28 16:15:19 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/404.shtml
[Sun Nov 28 16:15:19 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/scripts/..%5c../winnt/system32/cmd.exe
[Sun Nov 28 16:15:19 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/400.shtml
[Sun Nov 28 16:15:18 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/400.shtml
[Sun Nov 28 16:15:18 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/404.shtml
[Sun Nov 28 16:15:18 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/scripts/..\xc1\x9c../winnt/system32/cmd.exe
[Sun Nov 28 16:15:18 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/404.shtml
[Sun Nov 28 16:15:18 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/scripts/..\xc0\xaf../winnt/system32/cmd.exe
[Sun Nov 28 16:15:18 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/404.shtml
[Sun Nov 28 16:15:17 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/404.shtml
[Sun Nov 28 16:15:17 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/scripts/..\xc1\x1c../winnt/system32/cmd.exe
[Sun Nov 28 16:15:17 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/404.shtml
[Sun Nov 28 16:15:17 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/msadc/..%5c../..%5c../..%5c/..\xc1\x1c../..\xc1\x1c../..\xc1\x1c../winnt/system32/cmd.exe
[Sun Nov 28 16:15:17 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/404.shtml
[Sun Nov 28 16:15:17 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Sun Nov 28 16:15:17 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/404.shtml
[Sun Nov 28 16:15:17 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Sun Nov 28 16:15:17 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/404.shtml
[Sun Nov 28 16:15:17 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/scripts/..%5c../winnt/system32/cmd.exe
[Sun Nov 28 16:15:16 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/404.shtml
[Sun Nov 28 16:15:16 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/d/winnt/system32/cmd.exe
[Sun Nov 28 16:15:16 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/404.shtml
[Sun Nov 28 16:15:16 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/c/winnt/system32/cmd.exe
[Sun Nov 28 16:15:16 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/404.shtml
[Sun Nov 28 16:15:16 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/MSADC/root.exe
[Sun Nov 28 16:15:16 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/404.shtml
[Sun Nov 28 16:15:16 2004] [error] [client 69.241.176.7] File does not exist: /***/***/public_html/scripts/root.exe

My server uses a Linux OS. And the fact the errors bring up someone trying to use Windows commands - is what alarmed me. Am I right to be alarmed? Is this an attempted hack? Just to be cautious, I did a tracert and got their ISP address and I sent a copy of the log to my host as well as the ISP. Did I do the right thing? Like I said, I don't know how to hack or even where it begins - I'm not at all interested in it either but since I don't know, would these be good indicators of a hack attempted? And is there anything else that I should look for?

Thanks for your time.

Ryan
 
I wouldn't worry about it. I get that as well in mine. It is either a script kiddy or a PC with a virus on it. It is looking for a server runing Windows/ISS.
 
There were some old exploits that could get an IIS server to give up root via a script in the URL.
The kiddies still look for unpatched servers, and they do find them. Pretty pathetic.
I often write custom .htaccess files in the top level of my www directory, and lock out entire ranges that I know will never have legit business in my site, and are also the source of large volumes of these hack attempts.
 
Well. I was worried but not too much since I did recognize the .exe command execution attempts - knowing that I'm hosted on a Windows server. I did, however, report it to Comcast since the tracert reached the destination which was a Comcast address. I figure, if it's nothing, Comcast will know that and nothing will come about of it. If it is something that is considered "misuse" by Comcast, then they'll handle it.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top