Posted to users@httpd.apache.org by Maxim Vexler <hq...@gmail.com> on 2005/06/07 18:08:19 UTC

[users@httpd] Is this a hacking attempt ?

Is this a hacking attempt?
Could someone please suggest a way to decrypt the "\xd7\x92\xd7\x99\" things.

## Apache Error log : Start
## IP & domain were blurred for privacy reasons.
####################################################

[Tue Jun 07 17:49:23 2005] [error] [client 62.0.x.x] File does not
exist: D:/Inetpub/wwwroot/OURSITENAME/htdocs/PublicGallery/Pics-Public/\xd7\x92\xd7\x99\xd7\x99\xd7\x96
\xd7\x91\xd7\x9e\xd7\xa7\xd7\x9c\xd7\x97\xd7\xaa, referer:
http://OURDOMAIN/phpBB2/viewtopic.php?t=6836

[Tue Jun 07 17:49:24 2005] [error] [client 62.0.x.x] File does not
exist: D:/Inetpub/wwwroot/OURSITENAME/htdocs/PublicGallery/Pics-Public/\xd7\x92\xd7\x99\xd7\x99\xd7\x96
\xd7\x91\xd7\x9e\xd7\xa7\xd7\x9c\xd7\x97\xd7\xaa, referer:
http://OURDOMAIN/phpBB2/viewtopic.php?t=6836

[Tue Jun 07 17:49:24 2005] [error] [client 62.0.x.x] File does not
exist: D:/Inetpub/wwwroot/OURSITENAME/htdocs/PublicGallery/Pics-Public/\xd7\x92\xd7\x99\xd7\x99\xd7\x96
\xd7\x91\xd7\x9e\xd7\xa7\xd7\x9c\xd7\x97\xd7\xaa, referer:
http://OURDOMAIN/phpBB2/viewtopic.php?t=6836

[Tue Jun 07 17:49:24 2005] [error] [client 62.0.x.x] File does not
exist: D:/Inetpub/wwwroot/OURSITENAME/htdocs/PublicGallery/Pics-Public/\xd7\x92\xd7\x99\xd7\x99\xd7\x96
\xd7\x91\xd7\x9e\xd7\xa7\xd7\x9c\xd7\x97\xd7\xaa, referer:
http://OURDOMAIN/phpBB2/viewtopic.php?t=6836

[Tue Jun 07 17:49:24 2005] [error] [client 62.0.x.x] File does not
exist: D:/Inetpub/wwwroot/OURSITENAME/htdocs/PublicGallery/Pics-Public/\xd7\x92\xd7\x99\xd7\x99\xd7\x96
\xd7\x91\xd7\x9e\xd7\xa7\xd7\x9c\xd7\x97\xd7\xaa, referer:
http://OURDOMAIN/phpBB2/viewtopic.php?t=6836

[Tue Jun 07 17:49:24 2005] [error] [client 62.0.x.x] File does not
exist: D:/Inetpub/wwwroot/OURSITENAME/htdocs/PublicGallery/Pics-Public/\xd7\x92\xd7\x99\xd7\x99\xd7\x96
\xd7\x91\xd7\x9e\xd7\xa7\xd7\x9c\xd7\x97\xd7\xaa, referer:
http://OURDOMAIN/phpBB2/viewtopic.php?t=6836

[Tue Jun 07 17:49:24 2005] [error] [client 62.0.x.x] File does not
exist: D:/Inetpub/wwwroot/OURSITENAME/htdocs/PublicGallery/Pics-Public/\xd7\x92\xd7\x99\xd7\x99\xd7\x96
\xd7\x91\xd7\x9e\xd7\xa7\xd7\x9c\xd7\x97\xd7\xaa, referer:
http://OURDOMAIN/phpBB2/viewtopic.php?t=6836

[Tue Jun 07 17:49:24 2005] [error] [client 62.0.x.x] File does not
exist: D:/Inetpub/wwwroot/OURSITENAME/htdocs/PublicGallery/Pics-Public/\xd7\x92\xd7\x99\xd7\x99\xd7\x96
\xd7\x91\xd7\x9e\xd7\xa7\xd7\x9c\xd7\x97\xd7\xaa, referer:
http://OURDOMAIN/phpBB2/viewtopic.php?t=6836

####################################################
## Apache Error log : End


Thank you for helping.

-- 
Cheers, 
Maxim Vexler (hq4ever).

Do u GNU ?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
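
Apache httpd writes request bytes it will not print raw to the error log as \xHH escapes, so the sequences in the log above are encoded bytes rather than encrypted data. The following is an added example, not code from the thread or from the Apache project: it rebuilds the bytes of the missing file name and reports whether they are valid UTF-8. The function names are hypothetical, and the sample line assumes the mail client wrapped the file name at a space.

```python
import re
import unicodedata

# Constructed sample: the first log entry from the post, with the mail client's
# line wrapping undone (assumption: the wrap point inside the name was a space).
SAMPLE = (
    r"[Tue Jun 07 17:49:23 2005] [error] [client 62.0.x.x] File does not exist: "
    r"D:/Inetpub/wwwroot/OURSITENAME/htdocs/PublicGallery/Pics-Public/"
    r"\xd7\x92\xd7\x99\xd7\x99\xd7\x96 \xd7\x91\xd7\x9e\xd7\xa7\xd7\x9c\xd7\x97\xd7\xaa, "
    r"referer: http://OURDOMAIN/phpBB2/viewtopic.php?t=6836"
)

# httpd writes bytes it will not log raw as \xHH or as a short C-style escape.
_ESCAPE = re.compile(r'\\(?:x([0-9A-Fa-f]{2})|([nrtbv\\"]))')
_SHORT = {"n": b"\n", "r": b"\r", "t": b"\t", "b": b"\b", "v": b"\v",
          "\\": b"\\", '"': b'"'}

def unescape_log_bytes(field: str) -> bytes:
    """Rebuild the raw request bytes from an escaped log field."""
    out, pos = bytearray(), 0
    for m in _ESCAPE.finditer(field):
        out += field[pos:m.start()].encode("utf-8")
        out += bytes([int(m.group(1), 16)]) if m.group(1) else _SHORT[m.group(2)]
        pos = m.end()
    return bytes(out + field[pos:].encode("utf-8"))

def describe_missing_file(line: str) -> dict:
    """Decode the last path component of a 'File does not exist' entry."""
    m = re.search(r"File does not exist: (.*?)(?:, referer: |$)", line)
    if m is None:
        raise ValueError("not a 'File does not exist' entry")
    raw = unescape_log_bytes(m.group(1).rsplit("/", 1)[-1])
    try:
        name, valid = raw.decode("utf-8"), True
    except UnicodeDecodeError:
        name, valid = raw.decode("utf-8", errors="backslashreplace"), False
    return {
        "name": name,
        "valid_utf8": valid,
        "scripts": sorted({unicodedata.name(c, "UNNAMED").split()[0]
                           for c in name if ord(c) > 0x7F}),
        # Control bytes (NUL, CR, LF, ...) have no place in a file name.
        "control_bytes": sorted({f"0x{ord(c):02x}" for c in name
                                 if unicodedata.category(c) == "Cc"}),
    }

if __name__ == "__main__":
    print(describe_missing_file(SAMPLE))
```

For the entry above it reports a valid UTF-8 name made of two words in the HEBREW script and no control bytes. A name that fails UTF-8 decoding or contains control bytes is the case that deserves a closer look.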


Re: [users@httpd] Is this a hacking attempt ?

Posted by Maxim Vexler <hq...@gmail.com>.
On 6/7/05, Patrick Donker <li...@webpagina.nu> wrote:
> Did you do an ip lookup for the source ip? If it belongs to one of the
> searchengine clubs, then it is unlikely. 

I did a reverse DNS lookup.
Is this what you meant by "ip lookup" ?
Any tips on this would be most welcome.

>And if it is an attempt, it
> usually is one of those scriptkiddie/zombie IIS hacks...
> 

The scriptkiddie is obvious, I wouldn't even bother the list with this
if our server hadn't rebooted close to this time.
I'm investigating why the reboot occurred, and the logs I've attached
are ~in the same.

<RANT> windows + servers, oh what a joke </RANT>


Thanks for tips. 

-- 
Cheers, 
Maxim Vexler (hq4ever).

Do u GNU ?



Re: [users@httpd] Is this a hacking attempt ?

Posted by Patrick Donker <li...@webpagina.nu>.
Maxim Vexler wrote:

>Is this a hacking attempt?
>Could someone please suggest a way to decrypt the "\xd7\x92\xd7\x99\" things.
>
>## Apache Error log : Start
>## IP & domain were blurred for privacy reasons.
>####################################################
>
>[Tue Jun 07 17:49:23 2005] [error] [client 62.0.x.x] File does not
>exist: D:/Inetpub/wwwroot/OURSITENAME/htdocs/PublicGallery/Pics-Public/\xd7\x92\xd7\x99\xd7\x99\xd7\x96
>\xd7\x91\xd7\x9e\xd7\xa7\xd7\x9c\xd7\x97\xd7\xaa, referer:
>http://OURDOMAIN/phpBB2/viewtopic.php?t=6836
>
>[Tue Jun 07 17:49:24 2005] [error] [client 62.0.x.x] File does not
>exist: D:/Inetpub/wwwroot/OURSITENAME/htdocs/PublicGallery/Pics-Public/\xd7\x92\xd7\x99\xd7\x99\xd7\x96
>\xd7\x91\xd7\x9e\xd7\xa7\xd7\x9c\xd7\x97\xd7\xaa, referer:
>http://OURDOMAIN/phpBB2/viewtopic.php?t=6836
>
>[Tue Jun 07 17:49:24 2005] [error] [client 62.0.x.x] File does not
>exist: D:/Inetpub/wwwroot/OURSITENAME/htdocs/PublicGallery/Pics-Public/\xd7\x92\xd7\x99\xd7\x99\xd7\x96
>\xd7\x91\xd7\x9e\xd7\xa7\xd7\x9c\xd7\x97\xd7\xaa, referer:
>http://OURDOMAIN/phpBB2/viewtopic.php?t=6836
>
>[Tue Jun 07 17:49:24 2005] [error] [client 62.0.x.x] File does not
>exist: D:/Inetpub/wwwroot/OURSITENAME/htdocs/PublicGallery/Pics-Public/\xd7\x92\xd7\x99\xd7\x99\xd7\x96
>\xd7\x91\xd7\x9e\xd7\xa7\xd7\x9c\xd7\x97\xd7\xaa, referer:
>http://OURDOMAIN/phpBB2/viewtopic.php?t=6836
>
>[Tue Jun 07 17:49:24 2005] [error] [client 62.0.x.x] File does not
>exist: D:/Inetpub/wwwroot/OURSITENAME/htdocs/PublicGallery/Pics-Public/\xd7\x92\xd7\x99\xd7\x99\xd7\x96
>\xd7\x91\xd7\x9e\xd7\xa7\xd7\x9c\xd7\x97\xd7\xaa, referer:
>http://OURDOMAIN/phpBB2/viewtopic.php?t=6836
>
>[Tue Jun 07 17:49:24 2005] [error] [client 62.0.x.x] File does not
>exist: D:/Inetpub/wwwroot/OURSITENAME/htdocs/PublicGallery/Pics-Public/\xd7\x92\xd7\x99\xd7\x99\xd7\x96
>\xd7\x91\xd7\x9e\xd7\xa7\xd7\x9c\xd7\x97\xd7\xaa, referer:
>http://OURDOMAIN/phpBB2/viewtopic.php?t=6836
>
>[Tue Jun 07 17:49:24 2005] [error] [client 62.0.x.x] File does not
>exist: D:/Inetpub/wwwroot/OURSITENAME/htdocs/PublicGallery/Pics-Public/\xd7\x92\xd7\x99\xd7\x99\xd7\x96
>\xd7\x91\xd7\x9e\xd7\xa7\xd7\x9c\xd7\x97\xd7\xaa, referer:
>http://OURDOMAIN/phpBB2/viewtopic.php?t=6836
>
>[Tue Jun 07 17:49:24 2005] [error] [client 62.0.x.x] File does not
>exist: D:/Inetpub/wwwroot/OURSITENAME/htdocs/PublicGallery/Pics-Public/\xd7\x92\xd7\x99\xd7\x99\xd7\x96
>\xd7\x91\xd7\x9e\xd7\xa7\xd7\x9c\xd7\x97\xd7\xaa, referer:
>http://OURDOMAIN/phpBB2/viewtopic.php?t=6836
>
>####################################################
>## Apache Error log : End
>
>
>Thank you for helping.
>
>  
>
Did you do an ip lookup for the source ip? If it belongs to one of the 
searchengine clubs, then it is unlikely. And if it is an attempt, it 
usually is one of those scriptkiddie/zombie IIS hacks...
