Page 1 of 1

is somebody accessing my computer illegally?

Posted: Sun Oct 24, 2004 1:22 am
by sunnymix
hi. i've recently installed apache server and been running over two weeks now. today i was going over access log file and found 7 to 8 acceess that were very skeptical. the log start like this:

24.86.67.103 - - [23/Oct/2004:19:44:18 -0700] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\....

is somebody trying to run illegal script on my computer while my server is running?

any information or advice will be very appreciated. thank you.

Posted: Sun Oct 24, 2004 5:46 am
by kettle_drum
Yeah they are attempting to. Most machines on the internet get these requests at LEAST once a day trying to exploit IIS WebDAV. Run the url in your browser to see what happens and you can check the links below.

http://edgeos.com/threats/details.php?id=11413
http://www.microsoft.com/technet/securi ... 3-007.mspx

thank you

Posted: Sun Oct 24, 2004 6:43 am
by sunnymix
i just checked the links. thank you! i have the latest service pack from MS. but, in order to run the web server, i had to make an firewall exception for port 80. right now, i've completely shut down the server. if i have the latest SP, would it be ok to open port 80?

Posted: Sun Oct 24, 2004 10:27 am
by patrikG
Probably one of the best network security tools is SNORT: http://www.snort.org/

Posted: Sun Oct 24, 2004 11:01 am
by timvw
if i remember well, the request is coming from some windooze worm that tries to exploit some IIS extension...