SoftWareRevue
12-25-2001, 06:42 PM
I was looking at my home pc firewall logs and plugged in an address it said was trying to access my computer.
The site contained these files.
Can you tell by the file extensions what the site is?
========================================
12/21/01 10:05 PM 36 .eml
12/22/01 2:17 AM <dir> _private
12/24/01 12:08 AM 1881 _vti_inf.html
12/24/01 10:18 AM 4921 default.asp
9/23/99 11:07 AM 7741 flupl.cab
9/23/99 11:07 AM 74628 flupl-alpha.cab
9/23/99 11:07 AM 58387 flupl-x86.cab
12/22/01 1:07 AM <dir> images
12/22/01 1:43 AM <dir> Phone Book Service
12/25/01 4:57 AM <dir> PMWebSite
5/22/97 7:28 AM 56 POSTINFO.EG
12/1/01 11:24 AM 2506 postinfo.html
12/25/01 3:49 PM <dir> samples
9/23/99 11:07 AM 1036638 wpie15-alpha.cab
9/23/99 11:07 AM 693808 wpie15-x86.cab
12/22/01 4:44 AM <dir> wwwroot1
=========================================
Samuel Mann
12-25-2001, 07:13 PM
All of those are in the root?
What is in phonebookservice?
SoftWareRevue
12-25-2001, 07:21 PM
Here's the address http://209.179.122.130
Samuel Mann
12-25-2001, 07:44 PM
58387 flupl-x86.cab Microsoft Active X upload component
7741 flupl.cab INF for Flupl bootstrap install script
693808 wpie15-x86.cab
Contents hlp file of above binary
Using Microsoft Web Publishing Wizard
Microsoft Web Publishing Wizard Help © Microsoft Corporation. All rights reserved. Other product and company names mentioned herein may be the trademarks of their respective owners.
(more info? http://www.freebsd.org/doc/en_US.ISO8859-1/articles/pxe/bootstrap-config.html )
A screenshot has been attached to preserve the context of this thread.
A similar installation can be seen here.
http://xw2k.sdct.itl.nist.gov/
Looks to be just regular ole front page stuff
Pilgrim
12-25-2001, 07:45 PM
The site is matdp.com.
And the customer is NOT always right. But that is a different thread...
Samuel Mann
12-25-2001, 07:57 PM
The customer is always, ALWAYS right.
SoftWareRevue
12-25-2001, 07:59 PM
Originally posted by Samuel Mann
. . . . . . Looks to be just regular ole front page stuff
Thanks.
Weird . . . . . .
What's it want with my computer then?
Samuel Mann
12-25-2001, 08:06 PM
That was installed on your computer?
Without knowing your topology, use, etc., how can I tell?
Are you hosting sites for people?
If that is your personal computer then you have been hacked and someone is publishing from your computer. Looks to be building a server?
It does resolve to a domain? Confused about what you are asking, really.
SoftWareRevue
12-25-2001, 08:12 PM
Not installed on my computer.
It is my home computer and I was looking at the logs in my firewall, because at the time it was blocking a trojan (or so it said) and I was just looking. :D
Anyways . . . . . . Not far down in the logs was
Date: 12/25/2001 Time: 16:34:38
Unused port blocking has blocked communications. Details:
Inbound TCP connection
Remote address,local service is (209.179.122.130,http)
So I was wondering what it was about. :cartman:
SoftWareRevue
12-25-2001, 08:20 PM
Hmmm . . . . . . Now I see the Inbound TCP connection part.
Now I sleep. :blush:
madmatty
12-26-2001, 04:09 AM
I'd say it has been hacked and a backdoor or trojan installed. Seems like it is scanning for more hackable machines.