10/20/02 18:12:32 xxx.xx.17.128 :scripts:..¡ú..:winnt:system32:cmd.exe GET ERR! 185
10/20/02 18:12:34 xxx.xx.17.128 :scripts:..5c..:winnt:system32:cmd.exe GET ERR! 185
10/20/02 18:12:36 xxx.xx.17.128 :scripts:..%5c..:winnt:system32:cmd.exe GET ERR! 185
10/20/02 18:12:38 xxx.xx.17.128 :scripts:..%2f..:winnt:system32:cmd.exe GET ERR! 185

It's obviously something working on automatic coz if they realised they were looking at a Mac maybe they'd stop looking for stuff in the WinNT 'system folder'
A handy little tool for identifying servers can be found over at Gibson Research (www.grc.com) Look for "idserve.exe", he's got a bunch of other handy tools too.

So what's in your server log? Anything interesting?

quote:

---

So what's in your server log? Anything interesting?

---

jt ™.
Trash Hauler: call sign: eight-ball
C.O. AC-130H SpecOps 68kMLAAF

If you were to visit http://210.50.100.16/ right now, then I will be able to 'see' you as you travel around my Quadra. (it's a dynamic address, so you'd have to visit right now )

Translation of the log i've shown is:
Date | Time | IP adress | URL | Method | Result

The URL bit is interesting coz it shows the file path that they were looking for. In PC land the : would be substituted with a \ , for example C:\WinNT\System32\cmd.exe A lot of servers are set up in a similar fashion, and by that I mean the physical layout of files and folders. That means that a hacker, even with limited knowledge, can make some assumptions and start looking for files to screw things up. If they can gain control of the Server/PC by accessing the command prompt then they can cause all sorts of havoc. Other popular folder to look for are where scripts and CGI's are stored. If they manage to upload a script to your server, then activate it via their own browser, there is the chance that they can do damage. An easy way of making your server more secure is, while configuring, to rename and move folders from their 'standard' locations.

Also, I had to set up some security on my mail server, I had spammers trying to use my smtp to send mail!!

~The Penguin

It's bad enough I've got to put our NT/Win98 office LAN on the Internet. Just protecting that from viri and worms will be nightmare enough; who needs spammers and hackers?

/Mr Lynn

heh heh, can't wait till they check their own logs and/or find the message

68k ParaMedic

The only problem i had was with having EIMS running on my 476. It created an open relay that was swamped with spammers trying to use my server to get their junk out. I don't think that would be a problem if i used 2 seperate machines, one for incoming traffic and one for outgoing. I never tested that out, i just went to webstar and i've never had a problem.

by the way, just as a little experiment I have created the directory:
http://......../c/winnt/system32/
And I've put a copy of cmd.exe in there - just to see what happens. Just as soon as I've got my damn PC working again **looks at PC laying in pieces on the floor, still in pieces coz it's only recognising 128MB RAM and it should be 256 so i've got to flash myself at the BIOS which sounds a little strange to me** anyway, once it's going I've got a little .exe on there which will open about 200 little dialog boxes with OK buttons that will open up all over the screen of the PC that executes it. I'm thinking I might put that in there rename it to "cmd.exe" hahahahaha

quote:

---

So what's in your server log? Anything interesting?

---

------------
No life - No problems
Liberated 68k macs: 9
Liberated PPC macs: 5
"Main mac": Daystar Genesis MP360+

quote:

---

So what's in your server log? Anything interesting?

---

other than that... :shiffles: I've never had a server log to speak of....

68k Macintosh Liberation Army Forums

© 2001-2003 68kMLA