comp.security.misc: Re: Website Hacking Attempt − letting the IP Block owners know?

Re: Website Hacking Attempt − letting the IP Block owners know?

Source: http://www.derkeiler.com/Newsgroups/comp.security.misc/2002−10/0740.html

From: Don Grover (dgrover@assoft.com.au)


Date: 06/22/02

From: "Don Grover" <dgrover@assoft.com.au>


Date: Sat, 22 Jun 2002 21:19:47 GMT

Just of interest, XX out your IP still leaves your IP in news msg exposed
Organization: Posted via Supernews, http://www.supernews.com
Message−ID: <Xns9235E0520966Epaulhutchingsgmxnet@216.168.3.XX>
References: <Xns9235CF90DEA7Dpaulhutchingsgmxnet@216.168.3.XX>
<slrnah9nmu.2ao.BitTwister@wb.invalid>
Ps I put those xx in so not to offend. 8−)
Regards
Don

"Paul Hutchings" <paul.hutchings@gmx.netNOSPAM> wrote in message news:Xns9235E0520966Epaulhutchingsgmxnet@216.168.3.40...
> BitTwister@localhost.localdomain (Bit Twister) wrote in
> news:slrnah9nmu.2ao.BitTwister@wb.invalid:
>
> > On Sat, 22 Jun 2002 19:24:16 −0000, Paul Hutchings wrote:
> >> I've just checked our IIS and Urlscan logs and a few hours ago
> >> someone had a go at some of our sites, they didn't get anywhere as
> >> the server is patched up and filtered with Urlscan.
> >>
> >> I've looked up the IP on Ripe, and it doesn't appear to be the usual
> >> dialup as a regular company is listed.
> >>
> >> I'm after some examples of the sort of email you would send in this
> >> situation, basically I want to let them know what seems to have been
> >> attempted, when, etc without sounding accusatory...
> >
> > Subject: Your box appears to be infected,
> > Here is a copy of the logs.
> >
>
> Hmm. I'm not too familiar with exactly what viruses cause what
> requests...here's a sample of the log entries (I've xxx'd our IP).
>
> 15:31:39 62.73.168.17 − xxx.xxx.xxx.xxx GET /à\?\¯../winnt/system32/netstat.exe 404 3 80 −
> 15:31:39 62.73.168.17 − xxx.xxx.xxx.xxx GET /winnt/system32/nbtstat.exe 404 3 80 −
> 15:31:39 62.73.168.17 − xxx.xxx.xxx.xxx GET /winnt/system32/ping.exe 404 3 80 −
> 15:31:39 62.73.168.17 − xxx.xxx.xxx.xxx GET /winnt/system32/ipconfig.exe 404 3 80 −
> 15:31:39 62.73.168.17 − xxx.xxx.xxx.xxx − − 404 2 80 −
> 15:31:40 62.73.168.17 − xxx.xxx.xxx.xxx − − 404 2 80 −
> 15:31:40 62.73.168.17 − xxx.xxx.xxx.xxx GET /winnt/system32/ipconfig.exe 404 3 80 −
> 15:31:41 62.73.168.17 − xxx.xxx.xxx.xxx GET /winnt/system32/ipconfig.exe 404 3 80 −
> 15:31:41 62.73.168.17 − xxx.xxx.xxx.xxx − − 404 2 80 −
> 15:31:41 62.73.168.17 − xxx.xxx.xxx.xxx − − 404 2 80 −
> 15:31:41 62.73.168.17 − xxx.xxx.xxx.xxx − − 404 2 80 −
> 15:31:41 62.73.168.17 − xxx.xxx.xxx.xxx GET /winnt/system32/ping.exe 404 3 80 −
> 15:31:41 62.73.168.17 − xxx.xxx.xxx.xxx GET /winnt/system32/ping.exe 404 3 80 −
> 15:31:41 62.73.168.17 − xxx.xxx.xxx.xxx GET /winnt/system32/tftp.exe 404 3 80 −
> 15:31:42 62.73.168.17 − xxx.xxx.xxx.xxx GET /winnt/system32/tftp.exe 404 3 80 −
> 15:31:42 62.73.168.17 − xxx.xxx.xxx.xxx GET /scripts/..Á%pc../winnt/system32/ping.exe 404 3 80 −
> 15:31:42 62.73.168.17 − xxx.xxx.xxx.xxx GET /winnt/system32/nbtstat.exe 404 3 80 −
> 15:31:42 62.73.168.17 − xxx.xxx.xxx.xxx GET /scripts/..Á%8s../winnt/system32/tftp.exe 404 3 80 −
> 15:31:42 62.73.168.17 − xxx.xxx.xxx.xxx GET /winnt/system32/ping.exe 404 3 80 −
> 15:31:42 62.73.168.17 − xxx.xxx.xxx.xxx − − 404 2 80 −
> 15:31:42 62.73.168.17 − xxx.xxx.xxx.xxx − − 404 2 80 −
> 15:31:42 62.73.168.17 − xxx.xxx.xxx.xxx − − 404 2 80 −
> 15:31:42 62.73.168.17 − xxx.xxx.xxx.xxx GET /scripts/..À%qf../winnt/system32/nbtstat.exe 404 3 80 −
> 15:31:42 62.73.168.17 − xxx.xxx.xxx.xxx GET /winnt/system32/ipconfig.exe 404 3 80 −
> 15:31:42 62.73.168.17 − xxx.xxx.xxx.xxx GET /winnt/system32/netstat.exe 404 3 80 −
> 15:31:44 62.73.168.17 − xxx.xxx.xxx.xxx GET /scripts/..À%9v../winnt/system32/netstat.exe 404 3 80 −
>
> −−
> Paul Hutchings
> ****Remove NOSPAM when replying****
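
An added example, not part of the original posts: a short Python script that turns log lines in the shape of the excerpt quoted above into the facts a notice to the address-block owner needs (source address, time window, what was requested, how the server answered). The field order, the `summarize` and `draft_notice` names, the sample addresses and the notice wording are assumptions made for illustration.

```python
import re
from collections import Counter

# Field order assumed from the quoted excerpt: time, client IP, user, server IP,
# method, URI, HTTP status, Win32 status, port, query.
LINE = re.compile(r"^(\d\d:\d\d:\d\d) (\S+) \S+ \S+ (\S+) (\S+) (\d{3}) \d+ \d+ \S+$")
# Requests for system binaries, whatever path prefix precedes them.
PROBE = re.compile(r"/winnt/system32/([\w.-]+\.exe)$", re.IGNORECASE)

# Constructed sample (documentation-range addresses; "%XX" stands in for the
# bytes that are garbled in the excerpt). Not the poster's actual log.
SAMPLE_LOG = """\
15:31:39 198.51.100.23 - 192.0.2.10 GET /winnt/system32/nbtstat.exe 404 3 80 -
15:31:39 198.51.100.23 - 192.0.2.10 - - 404 2 80 -
15:31:41 198.51.100.23 - 192.0.2.10 GET /winnt/system32/ping.exe 404 3 80 -
15:31:42 198.51.100.23 - 192.0.2.10 GET /scripts/..%XX../winnt/system32/tftp.exe 404 3 80 -
15:31:44 198.51.100.23 - 192.0.2.10 GET /winnt/system32/ping.exe 404 3 80 -
15:32:01 203.0.113.5 - 192.0.2.10 GET /index.html 200 0 80 -
"""

def summarize(log_text):
    """Return {client_ip: summary} for clients that requested system binaries."""
    clients = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        hit = PROBE.search(m.group(4)) if m else None
        if not hit:
            continue  # malformed line, "- -" entry, or ordinary request
        time, client, status = m.group(1), m.group(2), m.group(5)
        s = clients.setdefault(client, {"first": time, "last": time, "count": 0,
                                        "targets": Counter(), "statuses": Counter()})
        s["first"], s["last"] = min(s["first"], time), max(s["last"], time)
        s["count"] += 1
        s["targets"][hit.group(1).lower()] += 1
        s["statuses"][status] += 1
    return clients

def draft_notice(client, s, date, tz):
    """Build a factual notice; date and tz are passed in because the log has times only."""
    targets = ", ".join(f"{n} (x{c})" for n, c in sorted(s["targets"].items()))
    statuses = ", ".join(f"{c} x HTTP {code}" for code, c in sorted(s["statuses"].items()))
    return (f"Subject: Unusual HTTP requests from {client} on {date}\n\n"
            f"Between {s['first']} and {s['last']} {tz} on {date} our web server logged "
            f"{s['count']} requests from {client} for system binaries: {targets}.\n"
            f"Server responses: {statuses}.\n"
            "The host may be infected or misused; the matching log lines are attached.\n")

if __name__ == "__main__":
    for ip, summary in summarize(SAMPLE_LOG).items():
        print(draft_notice(ip, summary, "2002-06-22", "UTC"))  # tz is an assumed value
```
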
