hack attempt?

  1. #1
    Junior Member
    Join Date
    Jun 2002
    Posts
    13

    I think some jerk might be trying to hack me. Has anyone else had any intrusion attempts on their machine from IP 85.255.115.227? I traced the address on RIPE.net and it came back to some ISP in the Ukraine. My firewall stopped it trying to use something called "HTTP MS IE Dbl Backslash Local Zone Exec". After that, my AVS program got Download.Trojan and some other random trojan horse program in my Internet Explorer temporary files. So far, this IP address has tried to hit me twice, once while using my laptop at home, and once while using it at school. Has anybody else had a problem from this source? If so, what can be done about it?

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Are you sure you don't have something on your laptop calling the IP address... "calling home"?

    so when you are connected to the internet the IP is alerted and tries to come back at you.

    Sounds like a piece of malware "calling home"

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Member
    Join Date
    Jan 2004
    Posts
    69
    Block that IP address in your firewall and see if this keeps up.

  4. #4
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    I would say you definitely have something installed that you shouldn't have!

    If you think about it, when you're at home you will have a different IP address than when you are at school, so if he has managed to find you in two different locations, you definitely have something 'calling home' as MLF said!
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  5. #5
    Senior Member
    Join Date
    Feb 2002
    Posts
    856
    Why don't you post your firewall log entries which contain this ip address? Make sure you remove or obscure your own ip address.
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  6. #6
    Senior Member
    Join Date
    Dec 2004
    Posts
    320
    Quote: "Block that IP address in your firewall and see if this keeps up."
    Not gonna work if he has a dynamic IP address which is what 99.9% of home users have.

    Also, Downloader.Trojan is exactly that. A trojan that downloads other spyware/adware/virii nasty type stuff. I would say that this is a 'calling home' situation for sure. Let's see those FW logs though, (obscuring your own info of course)
    The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare
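
The log check that posts #5 and #6 ask for, as an added example that is not part of the thread: it keeps only the lines involving the reported address, replaces each local address with a stable placeholder before posting, and reports whether the laptop contacted the remote host first on every network (the "calling home" pattern). The log layout, the sample lines, the `analyze` function and the `LOCAL-n` placeholders are all assumptions made for illustration.

```python
import re

REMOTE_IP = "85.255.115.227"  # address reported in the thread

# Constructed sample lines, not the poster's log. Assumed field order:
# date time action protocol src-ip dst-ip src-port dst-port
SAMPLE_LOG = """\
2006-03-01 19:02:11 ALLOW TCP 192.168.1.23 85.255.115.227 1042 80
2006-03-01 19:02:12 DROP TCP 85.255.115.227 192.168.1.23 80 1042
2006-03-01 19:05:40 ALLOW TCP 192.168.1.23 203.0.113.9 1043 80
2006-03-02 10:15:03 ALLOW TCP 10.20.3.77 85.255.115.227 1051 80
2006-03-02 10:15:04 DROP TCP 85.255.115.227 10.20.3.77 80 1051
not a log line
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
LINE_RE = re.compile(rf"^(\S+ \S+) (ALLOW|DROP) (TCP|UDP) {IPV4} {IPV4} (\d+) (\d+)$")

def analyze(log_text, remote_ip=REMOTE_IP):
    """Summarise traffic to/from remote_ip and redact local addresses."""
    aliases = {}        # real local address -> stable placeholder
    first_seen = {}     # placeholder -> direction of its first event
    counts = {"outbound": 0, "inbound": 0}
    redacted = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue    # skip headers and malformed lines
        stamp, action, proto, src, dst, sport, dport = m.groups()
        if remote_ip not in (src, dst):
            continue    # unrelated traffic stays out of the post
        direction = "inbound" if src == remote_ip else "outbound"
        local = dst if direction == "inbound" else src
        alias = aliases.setdefault(local, f"LOCAL-{len(aliases) + 1}")
        first_seen.setdefault(alias, direction)
        counts[direction] += 1
        src, dst = (remote_ip, alias) if direction == "inbound" else (alias, remote_ip)
        redacted.append(f"{stamp} {action} {proto} {src} {dst} {sport} {dport}")
    return {
        **counts,
        "networks": len(aliases),
        # True when every local address spoke to the remote host first,
        # which is the "calling home" pattern rather than an unsolicited probe.
        "local_initiated": bool(first_seen) and all(d == "outbound" for d in first_seen.values()),
        "redacted": redacted,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Firewall products write different log layouts, so `LINE_RE` has to be adjusted to the log actually being read.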

  7. #7
    Senior Member
    Join Date
    Mar 2005
    Posts
    400
    Ukraine??

    I found the server at 85.255.115.227 in Amsterdam in the Netherlands. And he is running Apache version 1.3.34 and PHP 4.40.

    I've included a jpg listing a few ports under 200 that he's vulnerable with.

    Have fun.

    (The RIPE Whois resolves to Ukraine, but I don't trust it.)
    ZT3000
    Beta tester of "0"s and "1"s"

  8. #8
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Might I recommend that you install all the current MS security patches?

    This is what might be on your machine:

    http://www.symantec.com/avcenter/att...gs/s21421.html

    Good luck

    Yes, I agree that the Ukraine does sound a bit suspicious
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  9. #9
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Here's a couple of pages on Downloader.trojan:

    http://www.symantec.com/avcenter/ven...er.trojan.html

    http://www.computing.net/security/ww...rum/14592.html

    These threats are constantly evolving, you've got a full blown case of spyware. You got your work cut out for you.

    Fwiw, it got in via an unsecured Internet Explorer. You need to tighten up IE or switch browsers.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  10. #10
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Don't forget to shut off system restore before all the cleansing and then establish a new restore point when your box is squeaky clean. There are several thorough malware cleaning posts in AO; Ole Fox put together a cleaning tutorial, so you might want to take a peek at it: Foxyloxley

    If I may add two cents, also include Ewido in your tool bag.

    cheers
    Connection refused, try again later.
