is somebody accessing my computer illegally?

Need help installing PHP, configuring a script, or configuring a server? Then come on in and post your questions! We'll try to help the best we can!

Moderator: General Moderators

Post Reply
User avatar
sunnymix
Forum Newbie
Posts: 9
Joined: Fri Oct 08, 2004 9:50 pm
Location: Vancouver, CANADA

is somebody accessing my computer illegally?

Post by sunnymix »

hi. i've recently installed apache server and been running over two weeks now. today i was going over access log file and found 7 to 8 acceess that were very skeptical. the log start like this:

24.86.67.103 - - [23/Oct/2004:19:44:18 -0700] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\....

is somebody trying to run illegal script on my computer while my server is running?

any information or advice will be very appreciated. thank you.
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

Yeah they are attempting to. Most machines on the internet get these requests at LEAST once a day trying to exploit IIS WebDAV. Run the url in your browser to see what happens and you can check the links below.

http://edgeos.com/threats/details.php?id=11413
http://www.microsoft.com/technet/securi ... 3-007.mspx
User avatar
sunnymix
Forum Newbie
Posts: 9
Joined: Fri Oct 08, 2004 9:50 pm
Location: Vancouver, CANADA

thank you

Post by sunnymix »

i just checked the links. thank you! i have the latest service pack from MS. but, in order to run the web server, i had to make an firewall exception for port 80. right now, i've completely shut down the server. if i have the latest SP, would it be ok to open port 80?
User avatar
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

Probably one of the best network security tools is SNORT: http://www.snort.org/
Last edited by patrikG on Sun Oct 24, 2004 12:12 pm, edited 1 time in total.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

if i remember well, the request is coming from some windooze worm that tries to exploit some IIS extension...
Post Reply