Is someone trying to hack me?

morphinelips · #1 03-29-2002, 09:57 PM

I looked at the error logs for my site ( http://www.highboard.com , hosted on site5.com ) and happened to notice than one IP address had seen errors like this:

/home/highboar/public_html/scripts/..À¯../winnt/system32/cmd.exe

about 10 consecutive times within the space of about a minute. It looks suspicious to me, but then I really don't know what it is...

any ideas?

Lats · #2 03-29-2002, 10:06 PM

If you're on a linux box, there is no need to worry.

Had a heap of those myself, it's just the 'script kiddies' trying to find something open.

Lats...

ToastyX · #3 03-29-2002, 10:33 PM

It's not script kiddies. It's either the Code Red or NIMDA worm trying to propagate. The people that are affected usually don't know their computer is infected and are not trying to intentionally do any damage. This only affects some versions of IIS, so if you're on a UNIX or Linux server, there's nothing to worry about. Just ignore it.

phpjames · #4 03-29-2002, 10:33 PM

Err... No I think that is the code red virus or nimda. Search the forum for cmd.exe or code red or nimda. You will find similar results.

NightMan · #5 03-30-2002, 03:24 AM

Yes, it's NIMDA worm as ToastyX said. If you are in UNIX/LINUX then dont worry. but it is really annoying, when you see lots of attempts made to infect the server.

terrastudios · #6 03-30-2002, 06:08 AM

Yep @ a virus trying to propogate.

Basically this exploits abig dumb ass security hole that microsoft left in iis for many many versions... you can access any file on the computer by doing the 'root exploit' (dont know what its called under M$-oses so ill use the linux term).

So all you NT-hosters beware!!! And move to some sort of *nix host today and sleep more soundly at night

:

Maniac · #7 03-30-2002, 11:25 PM

Yes that is Nimda as everyone said. Don't worry if you're on Unix/Linux. Never got into our Windows servers

netguy · #8 04-01-2002, 03:59 PM

i have these on my site too .. its annoying as hell i was actually thinking of creating a small script in that particular location to send something NICE to the user

regards,
n.

Maniac · #9 04-01-2002, 04:21 PM

Quote:

Originally posted by netguy
i have these on my site too .. its annoying as hell i was actually thinking of creating a small script in that particular location to send something NICE to the user

regards,
n.

haha, what did you have in mind?

Synergy · #10 04-01-2002, 06:04 PM

How come everyone makes worms and virii to infect microsoft's software

netguy · #11 04-01-2002, 06:50 PM

hmm .. how about take the ip of the user , do a nmap on it , display the results to the guy trying ..so he gets a message like

hello dear.
you are trying to hack me but you have these ports open

regards,
n.

Maniac · #12 04-01-2002, 06:54 PM

haha

JDF · #13 04-01-2002, 08:25 PM

Quote:

Originally posted by netguy
hmm .. how about take the ip of the user , do a nmap on it , display the results to the guy trying ..so he gets a message like

hello dear.
you are trying to hack me but you have these ports open

regards,
n.

Thats missing the whole point! This is a self propogating WORM.. re-read ToastyX's post. Perhaps something like:

To whom it may concern:

Your server is infected with Code Red / Nimda!

http://linktopatch.microsoft.com

....