Wtf? Hack Attempt?



fkdup74
12-18-2003, 03:51 PM
does this look like an attack on my pc?
1st screen shot is a normal request for a file
2nd is an excerpt from my HFS log:

shn
12-18-2003, 04:26 PM
Those are all hacking attempts in your log. Usually you will get tons of those types of scripts in your logs. They are really old and have been patched but sadly enough there are some people out there who fail to update or patch their systems.

I got those scripts in my logs all the time when I ran a webserver. They are fairly common and most of the time people use programs to scan the whole net and see what servers are vulnerable to scripts like those. The funny thing is most of these so called scripts generally take action on the c drive, and unless you tell the program otherwise then it will try to hack the c drive. That's why I never use a c drive. Well my c drive is actually just a couple of megabytes with nothing in it but a yousuckathacking.txt file which I leave there just in case someone does get in using those lame scripts all they will find in the c drive is a text file calling them every name in the book.............including a lamer.

ck-uk
12-18-2003, 04:36 PM
I was waiting for one of these posts soon as i saw them all playing around with that hfs prog. :P

fkdup74
12-18-2003, 04:54 PM
Originally posted by shn@18 December 2003 - 08:26
my c drive is actually just a couple of megabytes with nothing in it but a yousuckathacking.txt file which I leave there just in case someone does get in using those lame scripts all they will find in the c drive is a text file calling them every name in the book.............including a lamer.
:lol: :lol: :lol:

good one, i'd do something like that but i'm too lazy :P
well, thats what i figured, that it was an attack,
with two possibilities, either it was a lame ass attempt,
or my pc is fort knox, and i know my pc isnt fort knox :lol:
just needed some feedback to confirm my suspicion


I was waiting for one of these posts soon as i saw them all playing around with that hfs prog. 

well, you got your wish :lol:

the good thing is that HFS logs all ip's, if it was their real ip,
i can put their sorry asses in my firewall rules :P

3rd gen noob
12-18-2003, 04:55 PM
Originally posted by FKDUP74@18 December 2003 - 15:54
i can put their sorry asses in my firewall rules :P
won't make a difference if they have a dynamic ip though

fkdup74
12-18-2003, 05:04 PM
true, very true
just have to keep loggin ip's into advanced rules i guess
its a pain in the ass, but oh well

balamm
12-18-2003, 06:01 PM
Why aren't you people using your IIS server? WTF is with this third party crap?

Use IIS with IIS lockdown, url scan, and a good firewall and you won't have to worry about it.
The only thing you have to remember is .exe's aren't allowed to be accessed because they are a potential security risk. You'll have to zip or rar everything.

You get one default website in even the most basic windows OS. Add virtual sites to that and you can do whatever you want with preserved windows permissions or rulesets.
Add sharepoint and you have your own forum and databases with even stronger permissions.

Or just run a server OS with tight encryption and certificates.

It ain't that hard to do!

Adding this HFS thing is like installing a program to bring up the command window for you. It's just plain stupid.
Windows has almost everything you need already installed, just look for it and learn how to use it.

shn
12-18-2003, 07:04 PM
Just about every web server log will consist of lame attempts like that. Just make sure you frequently check your logs and clean them out every now and then because all that crap builds up. Save a couple if you see the same ip or hostname doing it more than once. It's quite foolish to try and report every attempt, but a repeat offender may have that dynamic ip traced back to them by their isp and possibly get their dumb ass canceled if you put enough emphasis on it.

As for webservers, I've always used apache on linux and IIS on windows. It just makes sense to me that way because I can lock down an apache webserver instantly just by adding a few finishing touches to the httpd.conf file and .htaccess files.

Apache is not for windows as Wine is not for linux. They just don't work that well together even though they are supposed to.

Might I remind you all that no system is secure. If someone with the skills wanted to do it then they could surely apply themselves and compromise your box. It happens every day.

browser
12-18-2003, 09:14 PM
They are fairly common and most of the time people use programs to scan the whole net and see what servers are vulnerable to scripts like those. The funny thing is most of these so called scripts generally take action on the c drive, and unless you tell the program otherwise then it will try to hack the c drive.

Sorry for the nOOb post.
If you password protect the URL do those scripts work? If you get a script like this does it mean you've been hacked or what?

How do you change from the C drive?

james_bond_rulez
12-18-2003, 09:31 PM
Originally posted by browser@18 December 2003 - 12:14

They are fairly common and most of the time people use programs to scan the whole net and see what servers are vulnerable to scripts like those. The funny thing is most of these so called scripts generally take action on the c drive, and unless you tell the program otherwise then it will try to hack the c drive.

Sorry for the nOOb post.
If you password protect the URL do those scripts work? If you get a script like this does it mean you've been hacked or what?

How do you change from the C drive?
there is no password needed for IIS :blink:

browser
12-18-2003, 09:33 PM
I meant for HFS. sorry i wasn't clearer

fkdup74
12-18-2003, 10:07 PM
to my knowledge there isnt a way to password protect HFS,
unless you know a way to do it in html editing, if thats possible :unsure:
me, i'm still a noob at HFS and havent a clue about html
what i do know is the attacks last night all got a 404 error,
and my pc's still runnin, so i assume they failed, w/o password protection
but like was mentioned a few posts ago, i imagine if someone
with the resources/knowledge applied themselves, they'd get in
w/ or w/o passwords

balaam and shn know more about this, so i'm gonna look into the IIS :)

just had a closer look at the proggie, nothing about passwords, but
you can ban ip's (same thing as a firewall it seems to me)

browser
12-18-2003, 10:35 PM
HFS-menu, other settings, users, add.
Right click on folder, set access for user.

At least that's what I'm doing, hoping to stay safe.

trillscout
12-19-2003, 02:14 AM
Don't laugh but what does HFS and IIS
stand for :lol: seriously though.

Spicker
12-19-2003, 02:17 AM
:o :o i got the same messages today!!!! from the log of HFS!!!!!!!!! :o :o :angry: :angry:

but all were 404 errors!

fkdup74
12-19-2003, 03:42 AM
Originally posted by trillscout@18 December 2003 - 18:14
Don't laugh but what does HFS and IIS
stand for  :lol:  seriously though.
HFS = HTTP File Server
IIS = ask balaam or shn :P

@ jai, the 404 means they werent served, couldnt connect
(ever see that error when you was browsing?)
but keep a record of those ip's and enter em in your firewall blocklist
thats what i'm doing for now, at least
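
Added example (not part of the thread and not from any poster): a small Python triage of an access log that follows the advice above, counting probe requests per IP to find repeat sources and flagging any probe that was answered with something other than 404. The log format (Common Log Format), the sample lines, the documentation-range IPs and the signature list are assumptions constructed for illustration; the HFS log in the thread was only posted as a screenshot.

```python
import re
from collections import defaultdict

# Constructed sample lines in Common Log Format (an assumption; the HFS log
# in the thread was a screenshot). IPs are from documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Dec/2003:02:11:04 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 0
192.0.2.10 - - [18/Dec/2003:02:11:05 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0
192.0.2.10 - - [18/Dec/2003:02:11:06 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0
198.51.100.7 - - [18/Dec/2003:03:40:19 +0000] "GET /music/track01.zip HTTP/1.1" 200 4821133
203.0.113.5 - - [18/Dec/2003:04:02:51 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 0
203.0.113.9 - - [18/Dec/2003:05:15:00 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 200 512
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')
# Markers of the old IIS worm probes discussed in the thread: requests for a
# command shell, or encoded directory traversal. Illustrative, not exhaustive.
PROBE_RE = re.compile(r'(cmd\.exe|root\.exe|%255c|%c0%af|%c1%1c|\.\.%5c)', re.I)

def triage(log_text, repeat_threshold=2):
    """Return (repeat_offenders, served_probes) from access-log text."""
    probes = defaultdict(int)
    served = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse rather than guessing
        ip, _method, path, status = m.groups()
        if not PROBE_RE.search(path):
            continue  # ordinary request, e.g. a normal file download
        probes[ip] += 1
        if status != "404":
            # The server answered a probe with something other than
            # "not found": this is the line to investigate first.
            served.append((ip, path, int(status)))
    repeat = {ip: n for ip, n in probes.items() if n >= repeat_threshold}
    return repeat, served

if __name__ == "__main__":
    repeat, served = triage(SAMPLE_LOG)
    for ip, n in sorted(repeat.items()):
        print(f"repeat prober: {ip} ({n} requests)")
    for ip, path, status in served:
        print(f"INVESTIGATE: {ip} got {status} for {path}")
```

On the constructed sample, one address is reported as a repeat prober and one probe is flagged because it received a 200 instead of a 404.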

balamm
12-19-2003, 04:36 AM
Originally posted by trillscout@18 December 2003 - 19:14
Don't laugh but what does HFS and IIS
stand for :lol: seriously though.
IIS= Internet Information Services

It's on almost every windows disk. Just put the disk in and go to add/remove programs.

You'll have to configure access for it in your firewall but better yet, use a server firewall and AV.

Don't try installing SMTP or NNTP until you know a bit more about it.

Make sure you do some research on IIS before you start it up. Learn how to "harden" your OS to prevent hacks.

You'll probably want front page installed as well. It will create the sites for you with the vti-bin and other folders you'll need.

Sharepoint is a bonus, You can set up team sites, forums, asp, etc.

Grab a domain redirect from DYNdns (search google) so you don't have to show your IP.

Just do the research and you'll have a good lightweight server.

fkdup74
12-19-2003, 04:43 AM
;) thanks balaam for the info, gonna see if its on my system
(got an OEM install of windows xp home)
already got an account with dyndns :D

4play
12-19-2003, 05:04 AM
I still prefer apache, then again i would only ever use it on windows for local testing not as an actual server for the world to see.

me prefers linux/bsd and apache by far.

fkdup74
12-19-2003, 05:04 AM
well, according to the microsoft site, IIS and xp home dont mix :(

from microsoft's site:



Q. Is it possible to install either IIS or PWS in Microsoft Windows XP Home Edition?
 
A. Windows XP Home Edition does not support any version of IIS and cannot be made to run IIS by any reliable method. Windows XP Home Edition was not designed to be a development platform for Web-based applications. Upgrading to Windows XP Professional will allow you to install IIS 5.1 on your system so you can develop with ASP.Net. IIS 5.1 on Windows XP Professional is a full-featured and capable Web server, but is limited to 10 simultaneous connections since it is a workstation operating system and not a server platform. There are also a few other limitations consistent with Windows XP Professional being used as a client operating system and not a server operating system. By and large, these are the same differences you find in IIS 5.0 on Windows 2000 Professional, and Windows 2000 Server or Advanced Server. Nevertheless, Windows XP Professional is an excellent environment for developing Web-based applications with the .NET Framework.

4play
12-19-2003, 05:43 AM
that is only xp home. xp pro should run it just fine.

balamm
12-19-2003, 05:45 AM
Yeah, it's time to upgrade or dual boot.

Cl1mh4224rd
12-19-2003, 10:58 AM
Originally posted by FKDUP74@18 December 2003 - 16:51
http://www.sighost.us/members/fkdup74/screenshot003.gif
Ahh, good ol' Nimda (http://www.thesitewizard.com/news/nimbdaworm.shtml). That damn worm is just over 2 years old and still there are infected web servers out there.

Whoever owns/admins those servers needs to be shot.

james_bond_rulez
12-19-2003, 12:53 PM
windows 2000 server kicks monkey nuts.... ;)

ck-uk
12-19-2003, 04:53 PM
Not totally mate..

:unsure: if any of you read about this at the time.

http://www.prognosisx.com/cgi-bin/cgi-script/csNews/csNews.cgi?database=JanY%2edb&command=viewone&id=56&op=r :)

3rd gen noob
12-19-2003, 04:55 PM
it's a surprise this has been left open so long considering the board rules... :o

shn
12-20-2003, 10:57 AM
Originally posted by FKDUP74@18 December 2003 - 23:04
well, according to the microsoft site, IIS and xp home dont mix :(

from microsoft's site:



Q. Is it possible to install either IIS or PWS in Microsoft Windows XP Home Edition?
 
A. Windows XP Home Edition does not support any version of IIS and cannot be made to run IIS by any reliable method. Windows XP Home Edition was not designed to be a development platform for Web-based applications. Upgrading to Windows XP Professional will allow you to install IIS 5.1 on your system so you can develop with ASP.Net. IIS 5.1 on Windows XP Professional is a full-featured and capable Web server, but is limited to 10 simultaneous connections since it is a workstation operating system and not a server platform. There are also a few other limitations consistent with Windows XP Professional being used as a client operating system and not a server operating system. By and large, these are the same differences you find in IIS 5.0 on Windows 2000 Professional, and Windows 2000 Server or Advanced Server. Nevertheless, Windows XP Professional is an excellent environment for developing Web-based applications with the .NET Framework.

No offense to any hardcore windows xp "pro" users but it has been known for quite some time that pro is only limited to 10 simultaneous connections and that sucks. Even though I have known that for some time I still see why more advanced users of xp and IIS would opt for third party web servers who support a lot more than 10 connects at a time.

10 connects at a time for me means local testing, if that. If you need more than that then just use a server platform like win 2k server or 2003 server.

balamm
12-20-2003, 11:21 AM
Windows 2000 advanced server = 100,000 + connections :D

Oh yeah, XP is the best :lol: :lol: :lol: :lol: :lol:

By the way ....

the offense is fully intended towards "hardcore" XP pro users in this case ;)