-
February 15th, 2006, 04:10 AM
#1
Junior Member
Aaaaaarrrrrrrrrrggggggggghhhhh Hacked Again!!!!!
Hi
I have apache_2.0.55-win32-x86-no_ssl, which is the latest version, installed on my XP Professional PC.
I am using a Cisco router with only a few ports open, just enough to breathe.
I have Norton and the XP firewall.
With Apache I have used a .htaccess file with IP addresses pulled from my error and access logs, and I placed the IPs in my httpd.conf file.
They still managed to trash my web server. Somehow they are turning off my XP firewall, I noticed; can they actually do that? Also, I traced the IP addresses and found one from a Chinese university and one from an online holiday booking company. Obviously they are either masking their IPs or using those servers to stage the attacks.
What can I do? My web site is small, just for friends and family. Please help a noobie to hacking defence.....:<
Below is a section from my error log showing you the stuff I'm seeing.
Madaxe
[Mon Feb 13 05:15:54 2006] [notice] Apache/2.0.55 (Win32) configured -- resuming normal operations
[Mon Feb 13 05:15:54 2006] [notice] Server built: Oct 9 2005 19:16:56
[Mon Feb 13 05:15:54 2006] [notice] Parent: Created child process 2596
[Mon Feb 13 05:15:55 2006] [notice] Child 2596: Child process is running
[Mon Feb 13 05:15:56 2006] [notice] Child 2596: Acquired the start mutex.
[Mon Feb 13 05:15:56 2006] [notice] Child 2596: Starting 250 worker threads.
[Mon Feb 13 06:40:37 2006] [warn] [client 212.95.252.16] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
[Mon Feb 13 06:49:23 2006] [error] [client 136.1.1.33] File does not exist: C:/Documents and Settings/jack malone/My Documents/My Website/css, referer: http://www.mcjeeves.net/~jack%20malone/STAY%20BAR.html
[Mon Feb 13 06:49:28 2006] [warn] [client 136.1.1.33] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
[Mon Feb 13 06:52:10 2006] [error] [client 136.1.1.33] File does not exist: C:/Documents and Settings/F1/My Documents/My Website/interaction_home.html, referer: http://www.mcjeeves.net/~f1/CalendarPage.html
[Mon Feb 13 06:52:20 2006] [warn] Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting
[Mon Feb 13 08:13:27 2006] [warn] [client 69.14.65.191] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
[Mon Feb 13 12:25:20 2006] [warn] [client 69.14.65.191] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
[Mon Feb 13 13:10:20 2006] [warn] [client 69.14.65.191] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
[Mon Feb 13 14:58:24 2006] [warn] [client 69.14.65.191] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
[Mon Feb 13 15:28:51 2006] [warn] [client 69.14.65.191] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
[Mon Feb 13 16:36:13 2006] [error] [client 216.145.14.142] File does not exist: F:/yellowdogs/robots.txt, referer: http://www.whois.sc/
[Mon Feb 13 16:36:14 2006] [warn] [client 216.145.14.142] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed, referer: http://www.whois.sc/mcjeeves.net
[Mon Feb 13 17:13:13 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/awstats
[Mon Feb 13 17:13:15 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/cgi-bin
[Mon Feb 13 17:13:16 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/cgi-bin
[Mon Feb 13 17:13:19 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/blog
[Mon Feb 13 17:13:19 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/xmlrpc.php
[Mon Feb 13 17:13:21 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/blog
[Mon Feb 13 17:13:22 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/blogs
[Mon Feb 13 17:13:23 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/drupal
[Mon Feb 13 17:13:26 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/phpgroupware
[Mon Feb 13 17:13:26 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/wordpress
[Mon Feb 13 17:13:27 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/xmlrpc.php
[Mon Feb 13 17:13:30 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/xmlsrv
[Mon Feb 13 17:13:30 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/xmlrpc
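A triage sketch for the error log in the post above, added here as an example and not part of the original thread: it groups "File does not exist" errors by client and flags any address that requests many different missing paths within a short window, which separates the burst of requests for awstats, xmlrpc.php, drupal and wordpress from visitors following a broken link. The function name, the thresholds and the selection of sample lines are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache 2.0 error-log layout: [timestamp] [level] [client ip] message
LINE = re.compile(r"^\[([^\]]+)\] \[(\w+)\] \[client ([\d.]+)\] (.*)$")
MISSING = re.compile(r"^File does not exist: (.+?)(?:, referer: .*)?$")

# A selection of lines copied from the log posted above.
SAMPLE = """\
[Mon Feb 13 06:49:23 2006] [error] [client 136.1.1.33] File does not exist: C:/Documents and Settings/jack malone/My Documents/My Website/css, referer: http://www.mcjeeves.net/~jack%20malone/STAY%20BAR.html
[Mon Feb 13 06:52:10 2006] [error] [client 136.1.1.33] File does not exist: C:/Documents and Settings/F1/My Documents/My Website/interaction_home.html, referer: http://www.mcjeeves.net/~f1/CalendarPage.html
[Mon Feb 13 08:13:27 2006] [warn] [client 69.14.65.191] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
[Mon Feb 13 16:36:13 2006] [error] [client 216.145.14.142] File does not exist: F:/yellowdogs/robots.txt, referer: http://www.whois.sc/
[Mon Feb 13 17:13:13 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/awstats
[Mon Feb 13 17:13:15 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/cgi-bin
[Mon Feb 13 17:13:19 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/blog
[Mon Feb 13 17:13:19 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/xmlrpc.php
[Mon Feb 13 17:13:23 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/drupal
[Mon Feb 13 17:13:26 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/wordpress
[Mon Feb 13 17:13:30 2006] [error] [client 218.104.211.118] File does not exist: F:/yellowdogs/xmlsrv
"""

def find_scanners(log_text, min_paths=5, window_s=60):
    """Map each client that asked for >= min_paths distinct missing names
    within window_s seconds to the sorted list of all names it asked for."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        # Only [error] lines carry "File does not exist"; skip warnings/notices.
        f = MISSING.match(m[4]) if m and m[2] == "error" else None
        if not f:
            continue
        ts = datetime.strptime(m[1], "%a %b %d %H:%M:%S %Y")
        hits[m[3]].append((ts, f[1].rsplit("/", 1)[-1].lower()))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window_s seconds.
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            if len({name for _, name in events[start:end + 1]}) >= min_paths:
                flagged[ip] = sorted({name for _, name in events})
                break
    return flagged

if __name__ == "__main__":
    for ip, names in find_scanners(SAMPLE).items():
        print(ip, "requested", len(names), "missing paths:", ", ".join(names))
```

Addresses it reports are candidates for a `Deny from` rule or for the router logs sent to the ISP; the two missing-file errors from 136.1.1.33 carry a referer on the site itself and stay below the threshold.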
-
February 15th, 2006, 08:32 AM
#2
Member
Check Google for some vulnerabilities that could affect your server. See the Solution section and update your server.
The access to the computer or
anything else that shows us how the
world works must be total and
unlimited.
-
February 15th, 2006, 09:03 AM
#3
You can have the latest apache, firewalls and what not.. But if the website itself is vulnerable...
Can't really tell what's happening from the log you posted..
Oliver's Law:
Experience is something you don't get until just after you need it.
-
February 15th, 2006, 10:37 AM
#4
You check for trojans, worms and viruses? I'd shake that thing down for any RATS first.
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
February 15th, 2006, 03:16 PM
#5
The title of this thread is "hacked again"
So the previous time you were hacked.....what did you do to resolve it???
Because something may have been left behind which is allowing access again to your "server"...
Best practice for a server that has been compromised is to backup data only format\reinstall\rebuild........and to confirm that the data you restore is malware free
This has many documents on securing your machine and detecting\recovering from an attack.
http://www.us-cert.gov/reading_room/
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
February 15th, 2006, 03:38 PM
#6
Did you change your usernames and passwords after you were hacked last time? If not, you probably left your keys hanging in your front door.
"You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn
-
February 19th, 2006, 08:15 PM
#7
Junior Member
hi all
I have cleaned my machine and installed Norton Internet Security. This is keeping them at bay, however they are now doing denial of service attacks on my router. How do I stop this?
Madaxe
a little happier than last time
-
February 19th, 2006, 08:22 PM
#8
Send your router logs to your isp...They may be able to help??
Depends on your router what you can do on your end?
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer