markmcfc Posted April 7, 2012
Hi everyone, I think I've been hacked already! I wouldn't mind, I've only had the server a week and had some big passwords set. Below is a log of the hacker's attempts (I don't have a clue how to handle this or even where to start, so please don't ask me questions that are too savvy). Many thanks for any help (I don't mind paying if that's what it takes to secure my server).

Logwatch 7.3 (03/24/06)
Processing Initiated: Sat Apr 7 04:02:25 2012
Date Range Processed: yesterday ( 2012-Apr-06 ) Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: ks354047.kimsufi.com

--------------------- httpd Begin ------------------------
A total of 1 sites probed the server
   46.166.137.110
A total of 13 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):
   /_vti_bin/..?..?..?../winnt/system32/cmd.exe?/c+dir HTTP Response 200
   /_vti_bin/..?..?..?../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP Response 200
   /cgi-bin/..?..?..?../winnt/system32/cmd.exe HTTP Response 200
   /_mem_bin/..?..?..?../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP Response 200
   /scripts/..?../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP Response 200
   /scripts/..?..?..?..?../winnt/system32/cmd.exe?/c+dir HTTP Response 200
   /msadc/..?../..?../..?../winnt/system32/cmd.exe?/c+dir HTTP Response 200
   /scripts/..?../winnt/system32/cmd.exe HTTP Response 200
   /scripts/..?..?..?..?../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP Response 200
   /msadc/..?..?..?../winnt/system32/cmd.exe HTTP Response 200
   /_mem_bin/..?..?..?../winnt/system32/cmd.exe?/c+dir HTTP Response 200
   /scripts/..?../winnt/system32/cmd.exe?/c+dir HTTP Response 200
   /msadc/..?../..?../..?../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP Response 200
Requests with error response codes
   400 Bad Request
      /: 3 Time(s)
      /../../../../: 1 Time(s)
      /../../../../../../../boot.ini: 1 Time(s)
   (209.51.134.229): 1 Time(s)
   smmsp (209.51.134.229): 1 Time(s)
   sshd (209.51.134.229): 1 Time(s)
   sync (209.51.134.229): 1 Time(s)
   uucp (209.51.134.229): 1 Time(s)
Invalid Users:
   Unknown Account: 138 Time(s)
---------------------- pam_unix End -------------------------

--------------------- SSHD Begin ------------------------
Failed logins from:
   46.118.90.21 (SOL-FTTB.21.90.118.46.sovam.net.ua): 221 times
   174.143.159.15 (174-143-159-15.static.cloud-ips.com): 1 time
   209.51.134.229: 42 times
Illegal users from:
   112.5.118.37: 5 times
   209.51.134.229: 126 times
   220.248.34.42: 7 times
Received disconnect:
   11: Bye Bye : 177 Time(s)
   11: Goodbye : 221 Time(s)
SFTP subsystem requests: 3 Time(s)
**Unmatched Entries**
reverse mapping checking getaddrinfo for sol-fttb.21.90.118.46.sovam.net.ua failed - POSSIBLE BREAK-IN ATTEMPT! : 221

raindog308 Posted April 7, 2012
Were you actually hacked or is this simply logging failed attempts?

markmcfc (Author) Posted April 7, 2012
Hi raindog, I don't actually know. As I said above, I'm rubbish at all this stuff and I wouldn't even know where to check. Until recently I was with a host who would take care of most exploits for me, but I was forced to move hosts last week. I got the email from the server with the info posted above, but what made me panic most was this: "A total of 13 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):", so I'm thinking it was very close to getting hacked. Many thanks

markmcfc (Author) Posted April 7, 2012
Hi Luis, I'm currently running Linux with Plesk. Is there some way to block the IP, or would I need a firewall etc.? I am willing to pay someone to help me set up a firewall and patches to protect the server etc. (because as I've said I am useless with the bare server bones). Many thanks

Luis Manson Posted April 7, 2012
I think the first ones are false positives, since you are on a Linux machine and those are Windows commands... but check to see if you find them anyway... Right now, look for help installing fail2ban (www.fail2ban.org/). Also, you could limit incorrect logins from the same IP in X time...
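
The "limit incorrect logins from the same IP in X time" idea from the reply above, sketched as an added example that is not part of the original thread and is not fail2ban's own code. The parameter names `max_retry` and `find_time` mirror fail2ban's `maxretry` and `findtime` options; the log lines, hostname and documentation-range IP addresses are constructed, and the syslog year is an assumption passed in by the caller.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the two password-failure forms OpenSSH writes to the auth log:
#   "Failed password for root from IP port N ssh2"
#   "Failed password for invalid user admin from IP port N ssh2"
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def find_offenders(lines, max_retry=5, find_time=timedelta(minutes=10), year=2012):
    """Return {ip: time of the failure that crossed the threshold}.

    An IP is flagged once it has max_retry failures whose timestamps all
    fall within find_time of each other (a sliding window per source IP).
    Lines are assumed to be in chronological order, as in a log file.
    Syslog timestamps carry no year, so the caller supplies one.
    """
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and other daemons are ignored
        stamp = " ".join(m["ts"].split())  # collapse the padded day: "Apr  6"
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        # Drop failures that are older than find_time relative to this one.
        while ts - window[0] > find_time:
            window.popleft()
        if len(window) >= max_retry and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged


# Constructed sample: one fast guesser, one slow guesser, one real login.
SAMPLE = """\
Apr  6 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Apr  6 03:12:04 host sshd[2102]: Failed password for root from 203.0.113.7 port 40113 ssh2
Apr  6 03:12:07 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Apr  6 03:12:10 host sshd[2104]: Failed password for root from 203.0.113.7 port 40115 ssh2
Apr  6 03:12:13 host sshd[2105]: Failed password for root from 203.0.113.7 port 40116 ssh2
Apr  6 03:12:16 host sshd[2106]: Failed password for root from 203.0.113.7 port 40117 ssh2
Apr  6 04:00:00 host sshd[2201]: Failed password for invalid user test from 198.51.100.9 port 51000 ssh2
Apr  6 05:00:00 host sshd[2202]: Failed password for invalid user test from 198.51.100.9 port 51001 ssh2
Apr  6 06:00:00 host sshd[2203]: Failed password for invalid user test from 198.51.100.9 port 51002 ssh2
Apr  6 07:00:00 host sshd[2204]: Failed password for invalid user test from 198.51.100.9 port 51003 ssh2
Apr  6 08:00:00 host sshd[2205]: Failed password for invalid user test from 198.51.100.9 port 51004 ssh2
Apr  6 08:05:00 host sshd[2206]: Accepted password for mark from 192.0.2.20 port 50022 ssh2
"""

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE.splitlines()).items():
        print(f"{ip} crossed the threshold at {when}")
```

With the default ten-minute window only the fast guesser is flagged; the hourly guesser shows why a short window alone misses slow attempts and a longer `find_time` is worth considering.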

markmcfc (Author) Posted April 7, 2012
Thanks Luis, that's good to know. I will take a look at fail2ban; maybe you could help me if I cannot do it? I don't mind making a nice little donation towards your favorite beer charity (known as the pub) ;) Thanks again

PeterUK Posted April 8, 2012
I'd also be willing to help secure your server via PM here (or better, by instant messenger [Skype chat]). You can see I recently helped another user to set up nginx on their web server to alleviate high Apache load and I also have experience administrating Linux servers of my own, as well as ones which handle a lot of traffic on sites which are targeted for exploits regularly.