stuartc1
01-15-2004, 11:34 AM
Hi,
I recently got a dedicated server (i think) and today my root password failed for hours. I tried again just a short while ago and finaly got in (after it rejecting my password!!). Some of my sites vanished and only showed the 'There is no website configured at this address. ' message - these sites were working a few hours ago.
Something very suspisious is going on.
When I finally got root access I downloaded the apache logs of an account with no site, and the details look pretty strange to me. Please can anyone describe what the website addresses in the log mean (i presumed referers) and what the GET part means.
Here is a bit of them:
- [14/Jan/2004:18:04:46 +0000] "GET /main.html HTTP/1.1" 404 - "http://www.dreamvender.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
66.20.12.130 - - [14/Jan/2004:19:03:06 +0000] "GET /scripts/nsiislog.dll" 404 - "-" "-"
219.162.223.192 - - [15/Jan/2004:07:01:54 +0000] "GET /samples/ss_v_im_sp2.wmv HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)"
219.162.223.192 - - [15/Jan/2004:07:02:03 +0000] "GET /samples/ss_v_im_sp2.wmv HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)"
212.112.168.206 - - [15/Jan/2004:08:30:17 +0000] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 - "-" "-"
61.34.156.171 - - [15/Jan/2004:09:20:06 +0000] "GET /samples/pro-x_ht_sp.wmv HTTP/1.1" 404 - "http://porno-tape.com/indies.htm" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
Please note none of the above domains have anything to do with me or my server!!!
Thanks.
I recently got a dedicated server (i think) and today my root password failed for hours. I tried again just a short while ago and finaly got in (after it rejecting my password!!). Some of my sites vanished and only showed the 'There is no website configured at this address. ' message - these sites were working a few hours ago.
Something very suspisious is going on.
When I finally got root access I downloaded the apache logs of an account with no site, and the details look pretty strange to me. Please can anyone describe what the website addresses in the log mean (i presumed referers) and what the GET part means.
Here is a bit of them:
- [14/Jan/2004:18:04:46 +0000] "GET /main.html HTTP/1.1" 404 - "http://www.dreamvender.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
66.20.12.130 - - [14/Jan/2004:19:03:06 +0000] "GET /scripts/nsiislog.dll" 404 - "-" "-"
219.162.223.192 - - [15/Jan/2004:07:01:54 +0000] "GET /samples/ss_v_im_sp2.wmv HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)"
219.162.223.192 - - [15/Jan/2004:07:02:03 +0000] "GET /samples/ss_v_im_sp2.wmv HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)"
212.112.168.206 - - [15/Jan/2004:08:30:17 +0000] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 - "-" "-"
61.34.156.171 - - [15/Jan/2004:09:20:06 +0000] "GET /samples/pro-x_ht_sp.wmv HTTP/1.1" 404 - "http://porno-tape.com/indies.htm" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
Please note none of the above domains have anything to do with me or my server!!!
Thanks.