does this look like an attack on my pc?
1st screen shot is a normal request for a file
2nd is an excerpt from my HFS log:
does this look like an attack on my pc?
1st screen shot is a normal request for a file
2nd is an excerpt from my HFS log:
I am just a worthless liar. I am just an imbecile.
I will only complicate you. Trust in me and fall as well.
I will find a center in you. I will chew it up and leave.
I will work to elevate you just enough to bring you down.
Thoose are all hacking attemtps in your log. Usually you will get tons of thoose types of scripts in your logs. They are really old and have been patched but sadly enough there are some people out their who fail to update or patch their systems.
I got thoose scripts in my logs all the time when I ran a webserver. They are fairly common and most of the time people use programs to scan the whole net and see what servers are vulnerable to scripts like thoose. The funny thing is most of theese so called scripts generally take action on the c drive, and unless you tell the program otherwise then it will try to hack the c drive. Thats why I never use a c drive. Well my c drive is actually just a couple of megabytes with nothing in it but a yousuckathacking.txt file which I leave there just in case someone does get in using thoose lame scripts all they will find in the c drive is a text file calling them every name in the book.............including a lamer.
I was waiting for one of these posts soon as i saw them all playing around with that hfs prog.
Originally posted by shn@18 December 2003 - 08:26
my c drive is actually just a couple of megabytes with nothing in it but a yousuckathacking.txt file which I leave there just in case someone does get in using thoose lame scripts all they will find in the c drive is a text file calling them every name in the book.............including a lamer.
good one, i'd do something like that but i'm too lazy
well, thats what i figured, that it was an attack,
with two possibilities, either it was a lame ass attempt,
or my pc is fort knox, and i know my pc isnt fort knox
just neede some feedback to confirm my suspicion
well, you got your wishI was waiting for one of these posts soon as i saw them all playing around with that hfs prog.
the good thing is that HFS logs all ip's, if it was their real ip,
i can put their sorry asses in my firewall rules
I am just a worthless liar. I am just an imbecile.
I will only complicate you. Trust in me and fall as well.
I will find a center in you. I will chew it up and leave.
I will work to elevate you just enough to bring you down.
won't make a difference if they have a dynamic ip thoughOriginally posted by FKDUP74@18 December 2003 - 15:54
i can put their sorry asses in my firewall rules
<span style='font-size:14pt;line-height:100%'>BLAH</span>
<span style='font-size:14pt;line-height:100%'>Wayne Rooney - A thug and a thief</span>
true, very true
just have to keep loggin ip's into advanced rules i guess
its a pain in the ass, but oh well
I am just a worthless liar. I am just an imbecile.
I will only complicate you. Trust in me and fall as well.
I will find a center in you. I will chew it up and leave.
I will work to elevate you just enough to bring you down.
Why aren't you people using your IIS server? WTF is with this third party crap?
Use IIS with IIS lockdown, url scan, and a good firewall and you won't have to worry about it.
The only thing you have to remember is .exe's aren't allowed to be accessed because they are a potential security risk. You'll have to zip or rar everything.
You get one default website in even the most basic windows OS. Add virtual sites to that and you can do whatever you want with preserved windows permissions or rulesets.
Add sharepoint and you have your own forum and databases with even stronger permissions.
Or just run a server OS with tight encryption and certificates.
It ain't that hard to do!
Adding this HFS thing is like installing a program to bring up the command window for you. It's just plain stupid.
Windows has almost everything you need already installed, just look for it and learn how to use it.
Just about every web server log will consist of lame attempts like that. Just make sure you frequently check your logs and clean them out every now and then because all that crap builds up. Save a couple if you see the same ip or hostname doing it more than once. Its quite foolish to try and report every attempt, but a repeat offender may have that dynamic ip traced back to them by their isp and possibly get their dumb ass canceled if you put enough emphasis on it.
As for webservers, Ive always used apache on linux and IIS on windows. It just makes sense to me that way because I can lockdown an apache webserver instantly just by adding a few finishing touches to the httpd.conf file and .htaccess files.
Apache is not for windows as Wine is not for linux. they just dont work that well together even though they are suppose to.
Might I remind you all that no system is secure. If someone with the skills wanted to do it then they could surely apply themselves and compromise your box. It happens every day.
Sorry for the nOOb post.They are fairly common and most of the time people use programs to scan the whole net and see what servers are vulnerable to scripts like thoose. The funny thing is most of theese so called scripts generally take action on the c drive, and unless you tell the program otherwise then it will try to hack the c drive.
If you password protect the URL do those scripts work? If you get a script like this does it mean you've been hacked or what?
How do you change from the C drive?
there is no password needed for IISOriginally posted by browser@18 December 2003 - 12:14
Sorry for the nOOb post.They are fairly common and most of the time people use programs to scan the whole net and see what servers are vulnerable to scripts like thoose. The funny thing is most of theese so called scripts generally take action on the c drive, and unless you tell the program otherwise then it will try to hack the c drive.
If you password protect the URL do those scripts work? If you get a script like this does it mean you've been hacked or what?
How do you change from the C drive?
Bookmarks