Am I Under Attack?

 
(instanceof Sidekick)
Posts: 8791
Here are some log entries from my Wiki, all from one IP address which I hid ... is somebody trying to break in? Or just running some kind of tool against my site? They seem to think I'm an IIS server.
 
Bartender
Posts: 9626
Probably. There's a FrontPage extension exploit that tries to post something harmful to shtml.exe. If you aren't using the extensions, there's no problem aside from the possible DOS. Do a reverse DNS and inform the IP's web master or their ISP. The machine is probably compromised itself. When Code Red was rampant, I had the distinct pleasure of contacting a local web security consultant to inform him that his domain was a zombie. Good times!
 
Ranch Hand
Posts: 473
Hi,

I was once connected to the internet through dialup and also running a Java-based server-type program which received requests at port 80 and displayed client socket info. My OS is Win 98. I was surprised to find that a guy connected to my server. The guy was from Hong Kong. I disconnected as soon as possible. What was he trying to do?

Maki Jav
 
Joe Ess
Bartender
Posts: 9626
It probably wasn't even a "guy". Most of these attacks are performed by scripts run on previously compromised computers. The scripts run brute force attacks against any port they can find. If you aren't running a service that can be compromised, as Stan is not running FrontPage extensions on his web server, the script can't do anything (well, other than flood you with requests). In your case it is unlikely that your Java server could have been compromised. Hacking requires intimate knowledge of the inner workings of a server to exploit bugs in the program. A simple socket receive and print out probably (giving you the benefit of the doubt) doesn't have any holes. Other services on your Windows machine, like disk and print sharing, can be remotely compromised. Lessons: Turn off unneeded services and run a firewall. They can't hack what ain't running and what they can't see.
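
A log triage sketch for the probing discussed in the replies above, added here as an example and not posted by anyone in the thread. It assumes Common Log Format; the pattern names, the `triage` and `classify` helpers, and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Paths that only exist on IIS / FrontPage Server Extensions. On a server
# running neither, a request for one is an automated probe, not a visitor.
PROBES = {
    "frontpage-extensions": re.compile(r"/_vti_(bin|pvt|cnf|inf)\b|shtml\.(exe|dll)", re.I),
    "code-red-style-ida": re.compile(r"\.ida(\?|$)", re.I),
}

# Common Log Format: ip ident user [time] "METHOD path PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')


def classify(path):
    """Return the names of every probe pattern the request path matches."""
    return [name for name, rx in PROBES.items() if rx.search(path)]


def triage(lines):
    """Group probe hits by client IP and flag any that got a 2xx response."""
    report = defaultdict(lambda: {"hits": 0, "kinds": set(), "answered_2xx": False})
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, path, status = m.groups()
        kinds = classify(path)
        if kinds:
            entry = report[ip]
            entry["hits"] += 1
            entry["kinds"].update(kinds)
            # A 2xx means something on the box answered the probe: check it.
            entry["answered_2xx"] |= status.startswith("2")
    return dict(report)


# Constructed sample lines (documentation IP ranges), not the poster's log.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2005:04:11:02 +0000] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 404 210',
    '203.0.113.7 - - [12/Mar/2005:04:11:03 +0000] "GET /_vti_inf.html HTTP/1.1" 404 210',
    '203.0.113.7 - - [12/Mar/2005:04:11:05 +0000] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 210',
    '198.51.100.20 - - [12/Mar/2005:04:12:40 +0000] "GET /wiki/FrontPage HTTP/1.1" 200 5120',
    'not a log line',
]

if __name__ == "__main__":
    for ip, e in triage(SAMPLE).items():
        print(ip, e["hits"], sorted(e["kinds"]), "2xx!" if e["answered_2xx"] else "no 2xx")
```

An IP with several hits across these patterns and no 2xx responses matches the scripted scanning described above; a 2xx on any of them is the case to investigate, for example when an IIS instance shares the box.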
 
Stan James
(instanceof Sidekick)
Posts: 8791
I'm practicing security through obscurity - since I wrote this server from scratch I doubt most usual exploits will have any effect. But I put the source on the site, so somebody who wants to take the time could try to write something, I guess. There is an IIS server on the same box, though. I wonder if they got through to it!
 
Maki Jav
Ranch Hand
Posts: 473
Hi,

Thank God I was not running any such application that can be compromised, and yes, my server was just a raw one that I was using to test connecting to my own system through dialup. No problems have been detected so far after that incident.

Thanks

Maki Jav