Topic: Attempts to hack... ????

[Bron]

I have what looks like attempts to get to the c:\winnt drive of my server ... am I right to assume these are hack attempts?   If so, can anyone point me to a URL where i can learn more about these types of events?

Additionally, there are now attempts to connect on port 25 to sites such as yahoo and MSN, are these attempts to bounce eMail?

Can anyone suggest how I can easily check that they were unsuccessful in their attempts?

(or point out to me that I am incorrect)?




Bron

[Andy MacDonald]

Congrats Bron.
You now belong to the nimda worm log perusers club.
Look for the pattern as it will be the same for all of them.
The long list of NNNNN's is a Code Red attack.
Install apache-hits and keep score. Nothing you can do to stop it unless you want to do some manual cut and paste back to the same IP address....

[Jason Judge]

I just got that too now:

www.mydomain.co.uk 208.14.104.190 - - [12/Oct/2002:19:20:23 +0100] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 400 252 "-" "-"

It knocked out some sessions on my PostNuke site I was hosting - so I'm a bit worried.

There is an e-smith e-mail address to send these things to, but it's not very prominant on this site, so I'm posting this attempt here.

-- Jason