Welcome to WebmasterWorld Guest from 50.19.57.50

Forum Moderators: phranque

Message Too Old, No Replies

Serious problems with our site. A virus? A hacker?

Serious problems with our site. A virus? A hacker?

     

protgers

1:46 am on Feb 11, 2002 (gmt 0)

Inactive Member
Account Expired

 
 


Hi!

We are having big problems with our site.

We checked our log-files with Web Trends and noticed that there are many strange entries: visits to directories that do not (or should not?) excist.

Please check the statistics for last january at:
Revised to read
Our log files contain hundreds of entries like:
/scripts/..%5c../winnt/system32/cmd.exe?/c+dir
/scripts/root.exe?/c+dir
/MSADC/root.exe?/c+dir
etc.

The satistics for 2000-2002 are not relevant to this discussion.

Are we under attack by a hacker or is it a virus? I do hope that
somebody can help. Thanks in advance!

Regards,
Peter Rotgers

(edited by: DaveAtIFG at 5:43 pm (utc) on Feb. 11, 2002)

1:51 am on Feb 11, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 8, 2001
posts:1402
votes: 0


I'm no expert, but those requests sure look like the hack attempts that my PC firewall intercepts.

I am not a Microsoft server user, but hopefully someone more knowledgable should be able to advise how to deal with it.

2:20 am on Feb 11, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5459
votes: 3


<snip>Please check the statistics for last january at:
URL snipped>

Either a visitor or your site is infected with a virus.

Sorry I don't recall the name of it.

(edited by: DaveAtIFG at 5:41 pm (utc) on Feb. 11, 2002)

2:24 am on Feb 11, 2002 (gmt 0)

Moderator

WebmasterWorld Administrator lawman is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 28, 2001
posts:3569
votes: 41


The first time I saw similar attempts several months ago, I contacted my host who verified that someone is trying to hack into the server. I was told not to worry about it, that they had everything under control. I didn't know whether to believe them or not. I still see the same attmepts, but so far nothing has come of them.

You might want to let your host know about it. Perhaps they can reassure you.

Lawman

2:29 am on Feb 11, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 10, 2001
posts:1551
votes: 10


It's been around half a year now. see original thread [webmasterworld.com]
3:28 am on Feb 11, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 27, 2001
posts:1472
votes: 0


I get a headache whenever I view a Webtrends report (lack of usable information).

Is that amount of 404 errors normal for your site and if not, can you find out which IPs were making those requests? More specifically, I am curious as to how many of those IP's begin with 64.

9:27 am on Feb 11, 2002 (gmt 0)

Junior Member

10+ Year Member

joined:Oct 19, 2001
posts:104
votes: 0


these look to me like the lines my log files were rife with a while back... was the nimda virus (??) looking for a way in
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members