Author |
Topic |
|
Flash
Full Member
Australia
637 Posts |
Posted - 20 Oct 2002 : 05:58:58
It's interesting what you find in your server logs. My Quadra 605 server has been fairly regurlarly hit by someone with the following results (IP address xxx-ed to protect the stupid):10/20/02 18:12:32 xxx.xx.17.128 :scripts:..¡ú..:winnt:system32:cmd.exe GET ERR! 185 10/20/02 18:12:34 xxx.xx.17.128 :scripts:..5c..:winnt:system32:cmd.exe GET ERR! 185 10/20/02 18:12:36 xxx.xx.17.128 :scripts:..%5c..:winnt:system32:cmd.exe GET ERR! 185 10/20/02 18:12:38 xxx.xx.17.128 :scripts:..%2f..:winnt:system32:cmd.exe GET ERR! 185 It's obviously something working on automatic coz if they realised they were looking at a Mac maybe they'd stop looking for stuff in the WinNT 'system folder' A handy little tool for identifying servers can be found over at Gibson Research (www.grc.com) Look for "idserve.exe", he's got a bunch of other handy tools too. So what's in your server log? Anything interesting? 68k ParaMedic |
Trash80toG-4
NIGHT STALKER
USA
2899 Posts |
Posted - 20 Oct 2002 : 06:43:42
quote:
So what's in your server log? Anything interesting?
dunno . . . whassa server log?Thanks for the link tho, this one is frightening: http://grc.com/downloaders.htm All this online security stuff makes me nuts, I regularly crunch all but a few tagged cookies. I think it's time to try to get OmniWeb up and running again. jt ™. Trash Hauler: call sign: eight-ball C.O. AC-130H SpecOps 68kMLAAF |
Flash
Full Member
Australia
637 Posts |
Posted - 20 Oct 2002 : 07:10:03
Most web servers will create a log file of everyone who has visited, what URL they looked at, bytes sent, what browser (and therefore what operating system) they are using...etc The log file itself is just a text file and you usually need a third party application to analyse the log and give useful statistics.If you were to visit http://210.50.100.16/ right now, then I will be able to 'see' you as you travel around my Quadra. (it's a dynamic address, so you'd have to visit right now ) Translation of the log i've shown is: Date | Time | IP adress | URL | Method | Result The URL bit is interesting coz it shows the file path that they were looking for. In PC land the : would be substituted with a \ , for example C:\WinNT\System32\cmd.exe A lot of servers are set up in a similar fashion, and by that I mean the physical layout of files and folders. That means that a hacker, even with limited knowledge, can make some assumptions and start looking for files to screw things up. If they can gain control of the Server/PC by accessing the command prompt then they can cause all sorts of havoc. Other popular folder to look for are where scripts and CGI's are stored. If they manage to upload a script to your server, then activate it via their own browser, there is the chance that they can do damage. An easy way of making your server more secure is, while configuring, to rename and move folders from their 'standard' locations. 68k ParaMedic |
Da Penguin
Senior Member
USA
1094 Posts |
Posted - 20 Oct 2002 : 09:25:14
I get hits like that ALL the time, from LOTS of sources. It is crazy how many hits I get, fortuneatly webstar allows me to set it up to block many of the requests because they are so close together (time-wise).Also, I had to set up some security on my mail server, I had spammers trying to use my smtp to send mail!! ~The Penguin | Captain, Intelligence Operations / Space Cowboy | There is only one path and that is the path that you take, but you can take more than one path. | 68k.torpedobird.com <-- Official Hotline Server | |
Clinton
Full Member
USA
700 Posts |
Posted - 20 Oct 2002 : 11:48:12
ya, I've had that problem too, we use InterMail Post.Office for smtp serving, and it is a pain in the ass to keep spammers from using it. The first time people started relaying mail through it, I traced back the IP address and sent 6 consecutive nukes at it. Needless to say, the spamming stopped. CCCLieutennant Commander (Pronounced Leftennant) Guardian of Obsolete Equipment 68k Macs Rescued: 2 Pluses, a 512KE, a Classic II, and a Quadra 650 Contraband rescued: Power Computing PowerBase 200, and a PM 8600/300 Apple // series rescued: Apple //e |
MrLynn
Junior Member
USA
394 Posts |
Posted - 20 Oct 2002 : 21:15:41
Remind me to not set up an Internet server.It's bad enough I've got to put our NT/Win98 office LAN on the Internet. Just protecting that from viri and worms will be nightmare enough; who needs spammers and hackers? /Mr Lynn Curator of: SE (6.0.4), SE w. 020 accelerator (6.0.8), SE w. no HD, IIfx (7.1), IIci (bad HD); plus various PPCs in family (blue G3/350 is main Mac these days). |
Flash
Full Member
Australia
637 Posts |
Posted - 27 Oct 2002 : 07:57:05
A couple of people had another go at my server tonite. So I duely traced their IP to see if I could get them back in any way - they both had static IP's and anonymous FTP operating. So I created a text document and left them a nice message saying "f**k off!" heh heh, can't wait till they check their own logs and/or find the message 68k ParaMedic Edited by - Flash on 27 Oct 2002 07:58:38 |
thelip
Full Member
USA
729 Posts |
Posted - 27 Oct 2002 : 11:33:16
From my experience the requests for winnt files and the like are automated viruses that just hop from server to server. You'd be surprised how many people use broadband with absoluetly no firewall. As we all know one of the perks of the mac is that this is a joke to us and nothing else, but what happens if apple were to gain more market share? (i know it's hard to imagine) My peecee friend's have countless virus scanners, firewalls, etc. that just plain is never a concern to me as a mac user, yet nobody can grasp this concept of having a secure platform to use? WTF is the matter with people?! I'm still on the microsoft gives you nothing mode. sometimes, my mac is the dmz host on my nework and i could care less... I've the security of unix on mac hardware. The only problem i had was with having EIMS running on my 476. It created an open relay that was swamped with spammers trying to use my server to get their junk out. I don't think that would be a problem if i used 2 seperate machines, one for incoming traffic and one for outgoing. I never tested that out, i just went to webstar and i've never had a problem. _______________________ Sgt. Thelip Heavy Weapons Specialist - 950 division Keeper of the MLA Tracker - mlatracker.dyndns.org |
Flash
Full Member
Australia
637 Posts |
Posted - 02 Dec 2002 : 03:15:23
I know what you mean by when you say "it's a joke to us...", although I am sure there are Mac server hackers out there...somewhere...few and far between..... I'll bet there's at least 100 people who know something about how to get into a WebStar server(?). It does amaze me though how relatively safe Macs are compared to PC's in any issues to do with networking/filesharing. by the way, just as a little experiment I have created the directory: http://......../c/winnt/system32/ And I've put a copy of cmd.exe in there - just to see what happens. Just as soon as I've got my damn PC working again **looks at PC laying in pieces on the floor, still in pieces coz it's only recognising 128MB RAM and it should be 256 so i've got to flash myself at the BIOS which sounds a little strange to me** anyway, once it's going I've got a little .exe on there which will open about 200 little dialog boxes with OK buttons that will open up all over the screen of the PC that executes it. I'm thinking I might put that in there rename it to "cmd.exe" hahahahaha
68k ParaMedic |
Commodore64
Starting Member
Sweden
47 Posts |
Posted - 02 Dec 2002 : 04:18:18
quote: So what's in your server log? Anything interesting?
Well.. Just the usual automated crap trying to access cmd.exe and stuff like that (up to about 26 requests for that today). ------------ No life - No problems Liberated 68k macs: 9 Liberated PPC macs: 5 "Main mac": Daystar Genesis MP360+ |
Beanie
Starting Member
USA
15 Posts |
Posted - 02 Dec 2002 : 15:37:42
quote: So what's in your server log? Anything interesting?
I dunno. I'm running an XP machine, and uninstalled IIS today. That's about as insecure as possible. I'm thinking of setting my Mac SE up as a web server and see if anyone tries to do anything interesting to it. :-D --Beanie
|
cory5412
68KMLA Comrade-in-Arms
USA
4679 Posts |
Posted - 02 Dec 2002 : 22:25:40
LOL!!!!! well I'm thinking that I'll have to install Apache on my .NET machine then ;)??? well the place where .NET'll be is either at school (onone'll be able to get to it and i won'e be able to get out) OR at a friends house... (It'll have a CLI nix on it by the tme i see it again)other than that... :shiffles: I've never had a server log to speak of.... Official 68k videographer |