Originally posted by thedavid Looks like a nessus security scanner 'hit' to me.
I am not really familar with nessus, have heard of it, but my question is why would with this company be scanning one of my servers. There are quite a few hits from different IP's all belonging to xramp.com.
That looks like a shell code I've seen on Windows exploits.
I have no idea what what I just said means though, don't ask
CybexHost.com - Shared and Reseller Hosting Solutions on cPanel/WHM Linux Servers ModernTweak.com - Discount ModernBill Licenses, Hosted Installations, and Professional Services :: Pay for your discount ModernBill license with PayPal :: admin[at]cybexhost.com :: AIM: CybexH
Originally posted by thedavid Same reason anyone else'd use nessus - to find compromisable hosts. Might be a compromised box that they're using.
Could also be a worm strain or something trying to check random IP's too - though that particular string doesn't ring any bells.
Well what I find a little odd is that xramp.com sells and or develops server security software, so if their box is infected it certainly does not say much for there software, and if it is not, then it appears that they are scanning servers for what I would consider unscruplious reasons, to sell their software.
Reason I said 'nessus' right offhand was because I remember seeing a sig like that in a snort/acid log recently and didn't know what it was either. Did some searching, and it ended up being not a big deal, but I don't remember the details (it was a month or more ago)