Forum Moderators: DixonJones
please help
The entries of particular interest are:
221.219.7.100 - - [30/May/2008:00:38:46 +0530] "/\xbf\xda\x9a\xa0\xb5+\xbdV\x94N\xa1T\x8dZl"
400 226
75.183.46.104 - - [30/May/2008:00:40:26 +0530] "\xf9\xfa\x01\xe2YGC\x16\xf4\xd0¦\xeb\xf3\x9e\x86\xfd\xfc\x91-
\xf85\xdbi;%YX\xd2\x15P\xed,a\xea=a\x97\x01'\xdf\x89\xc5\x94\x02\x83\xc8\xc0\xdd(\xd0\x8f\xe1\x18\x18\r
\xb3\xc2\xddXwKV`h\x85s<\xe9}\xe6\x95\x18\x8d3O_]kn$.\xa9\xa9;\xd6\x8ft\x89\xe1`Y\xf4'*\x94¦\xa1X\xa3
\xd0
\xf8\xfdD\xafJ\xc2\x16\xd4\x83\xe1k!\xd1\v\x82;?'\x15z9A nK\x17\x97\b\x81\x9c\x9d\x90W\x8c\x82\xb9C\xbf\xd5n\
x101\x94\xfb\xb0\xc6\xee\xfe\x0fNL,KRe\xfa\x9c
\xcdTe\xdd\xdcQ\xd2\xb0`\xed\xc3\xda\xba\x07K\xd9\x96\x82¦\xe9\xad\xcfF\x91\xdc^+\xc3+\xe8\x0c\xb6e
\xea\xf1z\x1b%fWt<\x1d\x1d\x8b*>\xc0\xb7\xb9UR\x07\x16"
400 226
221.219.7.100 - - [30/May/2008:00:44:43 +0530] "/\xbf\xda\x9a\xa0\xb5+\xbdV\x94N\xa1T\x8dZl"
400 226
201.233.247.79 - - [30/May/2008:09:53:23 +0530] ".\xfe\x95\xc2\xcf\xd9\x89\x05\xa9\xca\xdb\xc3\xd3Q\xbfWhMWu
\xbc/+N\x97}VSb\xf1\x8afuL\x9b\xaa\x97'\x19\xac¦ &\xe0\xc9\xf0'\xc6\x04\x92\xdb\x89*\xcf\xb6k\xc9\x8f\xd1V\xcbq\xb6L\x85"
400 226
24.201.120.166 - - [30/May/2008:09:56:59 +0530] "\xdc\xd3\xa3\x85\x9b\xba\xba\\\xcb*\x8d\x95
\\\xf0%\x161E"
501 230
127.0.0.1 - - [03/Jun/2008:16:00:56 +0530] "GET /program%20files/acoustica%20beatcraft/library/included%20sounds/
smart%20loops/percussion/canjira%20low.ogg HTTP/1.1"
404 294
127.0.0.1 - - [04/Jun/2008:00:22:40 +0530] "GET /www/delivery/ajs.php?zoneid=5&cb=62342159114&loc=http%3A//suprbay.org/showthread.php%3Ft%3D15115&referer=
http%3A//www.google.co.in/search%3Fhl%3Den%26client
%3Dfirefox-a%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26hs%3DCMw%26q%3Dbtguard+torrent%26start%3D10%26sa%3DN HTTP/1.1"
404 218
59.93.218.166 - - [06/Jun/2008:22:39:58 +0530] "GET /inetin51.zip HTTP/1.1" 404 210
127.0.0.1 - - [10/Jun/2008:22:29:21 +0530] "GET /popup.php?1213117161281&id=bennett&pop=enter&t=5&subid=73135&blk=1&fc=-1 HTTP/1.1"
404 207
127.0.0.1 - - [11/Jun/2008:00:27:54 +0530] "GET /php/site_logging.php?g=a671a075f2/ga671ab76fe&s=http%3A//
rapidlibrary.com/download_file_i.php%3Fqq%3Dindian%2520desi%2520scandal%26file%3D1941966%26desc
%3Ddesi-nalban-scandal+.avi&t=gateway&au=http://rapidlibrary.com/download_file_i.php?qq=
indian%20desi%20scandal&file=1941966&desc=desi-nalban-scandal+.avi HTTP/1.1"
404 218
127.0.0.1 - - [11/Jun/2008:00:27:54 +0530] "GET /php/minify.php?files=js/common/DetectEnvironment.js,
js/common/ErrorHandler.js,js/common/common.js,js/common/mozxpath.js,js/common/BrandAccess.js,
js/common/BrandInstaller.js,js/common/Brands.js,js/common/Logger.js,js/common/PluginDetection.js,
js/common/UserProfile.js,js/common/UserSetting.js,js/gateway/redirect.js HTTP/1.1"
404 212
192.168.1.3 - - [11/Jun/2008:07:39:23 +0530] "he\b\b\b\b\b\bGET INDEX"
400 226
And nowadays entries from 127.0.0.1 have really increased.
I am the only user of this comp and malware scans show that the machine is clean.
so how are those requests generated?
is someone fakin' their IP?
and another thing;
i use torrent services very much..
and the file mentioned in
""59.93.218.166 - - [06/Jun/2008:22:39:58 +0530] "GET /inetin51.zip HTTP/1.1" 404 210""
i.e. "inetin51.zip" is some malware associated with torrent clients
(though inetin51.exe is a file related to IIS)
[edited by: tedster at 9:05 am (utc) on June 12, 2008]
[edited by: Receptional at 4:07 pm (utc) on June 12, 2008]
[edit reason] added line breaks to prevent side-scroll [/edit]
Requests from 127.0.0.1 are locally generated - 127.0.0.1 is not a real internet IP and is located on every computer - its alias is 'localhost'.
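
Added example, not part of the thread: a small triage script for an access log in the format posted above, separating entries by where they came from (loopback, LAN, internet) and by whether the request line is HTTP at all, which is what distinguishes the 400/501 binary entries from the locally generated GETs. The function names and the "http"/"malformed" labels are this example's own; the sample lines are entries from the post with the added line breaks re-joined.

```python
import ipaddress
import re
from collections import Counter

# Apache common log format: host ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')
# A well-formed request line: METHOD SP target SP HTTP/x.y
REQUEST_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')


def source_class(host):
    """Classify the client address as loopback, private (LAN) or public."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"  # logged a hostname rather than an address
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"


def classify(line):
    """Return (source class, request kind, status) for one log line, or None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    host, _time, request, status, _size = m.groups()
    kind = "http" if REQUEST_RE.match(request) else "malformed"
    return source_class(host), kind, int(status)


def summarize(lines):
    """Count entries per (source class, request kind), skipping unparsable lines."""
    return Counter(c[:2] for c in map(classify, lines) if c)


# Sample input: entries from the post above, with the added line breaks re-joined.
SAMPLE = [
    r'221.219.7.100 - - [30/May/2008:00:38:46 +0530] "/\xbf\xda\x9a\xa0\xb5+\xbdV\x94N\xa1T\x8dZl" 400 226',
    r'59.93.218.166 - - [06/Jun/2008:22:39:58 +0530] "GET /inetin51.zip HTTP/1.1" 404 210',
    r'127.0.0.1 - - [10/Jun/2008:22:29:21 +0530] "GET /popup.php?1213117161281&id=bennett&pop=enter&t=5&subid=73135&blk=1&fc=-1 HTTP/1.1" 404 207',
    r'192.168.1.3 - - [11/Jun/2008:07:39:23 +0530] "he\b\b\b\b\b\bGET INDEX" 400 226',
]

if __name__ == "__main__":
    for key, count in sorted(summarize(SAMPLE).items()):
        print(key, count)
```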