Aaaaaarrrrrrrrrrggggggggghhhhh Hacked Again!!!!!

  1. #1
    Junior Member | Join Date: Feb 2006 | Posts: 4

    Hi

    I have apache_2.0.55-win32-x86-no_ssl, which is the latest version, installed on my XP Professional PC.

    I am using a Cisco router with only a few ports open, just enough to breathe.

    I have Norton and the XP firewall.

    With Apache I have used a .htaccess file with IP addresses pulled from my error and access logs, and I placed the IPs in my httpd.conf file.

    They still managed to trash my web server. Somehow they are turning off my XP firewall, I noticed; can they actually do that? Also, I traced the IP addresses and found one from a Chinese university and one from an online holiday booking company. Obviously they are either masking their IPs or using those servers to stage the attacks.

    What can I do? My web site is small, just for friends and family. Please help a noobie to hacking defence..... :<

    Below is a section from my error log showing you the stuff I'm seeing.

    Madaxe


    [Mon Feb 13 05:15:54 2006] [notice] Apache/2.0.55 (Win32) configured -- resuming normal operations
    [Mon Feb 13 05:15:54 2006] [notice] Server built: Oct 9 2005 19:16:56
    [Mon Feb 13 05:15:54 2006] [notice] Parent: Created child process 2596
    [Mon Feb 13 05:15:55 2006] [notice] Child 2596: Child process is running
    [Mon Feb 13 05:15:56 2006] [notice] Child 2596: Acquired the start mutex.
    [Mon Feb 13 05:15:56 2006] [notice] Child 2596: Starting 250 worker threads.
    [Mon Feb 13 06:40:37 2006] [warn] [client 212.95.252.16] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
    [Mon Feb 13 06:49:23 2006] [error] [client 136.1.1.33] File does not exist: C:/Documents and Settings/jack malone/My Documents/My Website/css, referer: http://www.mcjeeves.net/~jack%20malone/STAY%20BAR.html
    [Mon Feb 13 06:49:28 2006] [warn] [client 136.1.1.33] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
    [Mon Feb 13 06:52:10 2006] [error] [client 136.1.1.33] File does not exist: C:/Documents and Settings/F1/My Documents/My Website/interaction_home.html, referer: http://www.mcjeeves.net/~f1/CalendarPage.html
    [Mon Feb 13 06:52:20 2006] [warn] Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting
    [Mon Feb 13 08:13:27 2006] [warn] [client 69.14.65.191] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
    [Mon Feb 13 12:25:20 2006] [warn] [client 69.14.65.191] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
    [Mon Feb 13 13:10:20 2006] [warn] [client 69.14.65.191] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
    [Mon Feb 13 14:58:24 2006] [warn] [client 69.14.65.191] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
    [Mon Feb 13 15:28:51 2006] [warn] [client 69.14.65.191] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
    [Mon Feb 13 16:36:13 2006] [error] [client 216.145.14.142] File does not exist: F:/yellowdogs/robots.txt, referer: http://www.whois.sc/
    [Mon Feb 13 16:36:14 2006] [warn] [client 216.145.14.142] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed, referer: http://www.whois.sc/mcjeeves.net
    [Mon Feb 13 17:13:13 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/awstats
    [Mon Feb 13 17:13:15 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/cgi-bin
    [Mon Feb 13 17:13:16 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/cgi-bin
    [Mon Feb 13 17:13:19 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/blog
    [Mon Feb 13 17:13:19 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/xmlrpc.php
    [Mon Feb 13 17:13:21 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/blog
    [Mon Feb 13 17:13:22 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/blogs
    [Mon Feb 13 17:13:23 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/drupal
    [Mon Feb 13 17:13:26 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/phpgroupware
    [Mon Feb 13 17:13:26 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/wordpress
    [Mon Feb 13 17:13:27 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/xmlrpc.php
    [Mon Feb 13 17:13:30 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/xmlsrv
    [Mon Feb 13 17:13:30 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/xmlrpc

  2. #2
    Check Google for some vulnerabilities that could affect your server. See the Solution section and update your server.
    The access to the computer or
    anything else that shows us how the
    world works must be total and
    unlimited.

  3. #3
    Just Another Geek | Join Date: Jul 2002 | Location: Rotterdam, Netherlands | Posts: 3,401
    You can have the latest apache, firewalls and what not.. But if the website itself is vulnerable...
    Can't really tell what's happening from the log you posted..
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Dissident 4dm1n brokencrow | Join Date: Feb 2004 | Location: Shawnee country | Posts: 1,243
    You check for trojans, worms and viruses? I'd shake that thing down for any RATS first.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  5. #5
    AOs Resident Troll | Join Date: Nov 2003 | Posts: 3,152
    The title of this thread is "hacked again"

    So the previous time you were hacked.....what did you do to resolve it???

    Because something may have been left behind which is allowing access again to your "server"...

    Best practice for a server that has been compromised is to backup data only format\reinstall\rebuild........and to confirm that the data you restore is malware free

    This has many documents on securing your machine and detecting\recovering from an attack.

    http://www.us-cert.gov/reading_room/

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    Senior Member | Join Date: Mar 2004 | Posts: 510
    Did you change your usernames and passwords after you were hacked last time? If not, you probably left your keys hanging in your front door.
    "You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn

  7. #7
    Junior Member | Join Date: Feb 2006 | Posts: 4
    Hi all

    I have cleaned my machine and installed Norton Internet Security. This is keeping them at bay; however, they are now doing denial of service attacks on my router. How do I stop this?

    Madaxe
    a little happier than last time

  8. #8
    AOs Resident Troll | Join Date: Nov 2003 | Posts: 3,152
    Send your router logs to your isp...They may be able to help??

    Depends on your router what you can do on your end?

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer
