Help I've got worms!

    Hi,

    While checking my stats I noticed a very large number of 404 error codes (page not found) and when looking into them I discovered some very strange urls:-

    cgi-bin/ca000001.\"Xx<XaXaXXaXaX>xX
    /\"Xx<XaXaXXaXaX>xX-bin/ca000001.pl
    /cgi-\"Xx<XaXaXXaXaX>xX/ca000001.pl
    /\"Xx<XaXaXXaXaX>xX/ca000001.pl
    /msadc/msadcs.dll
    /cgi-bin/ss000001.\"Xx<XaXaXXaXaX>xX
    /iisadmpwd/aexp2.htr
    /iisadmpwd/aexp4b.htr
    /pccsmysqladm/incs/dbconnect.inc
    /horde/services/help/

    I spoke to my hosting (Host-it) who thinks it could be worms and said I needed to check the vulnerability of my coding, but never had these before.

    I haven't got a clue what to do about these and how to stop them, has anyone got any sound advice please?

    Thanks
    Helen
    www.postapresent.co.uk
    Gifts by Post & Giftwrapping Service

    #2
    You'll always get odd 404 errors. It's usually just bots and spammers looking for ways into your system.

    I'd say all the 404 logs are showing is that they're not finding what they're looking for.

    Mike
    -----------------------------------------

    First Tackle - Fly Fishing and Game Angling

    -----------------------------------------


      #3
      So these urls are spammers searching, they are not pages or links that someone has tried to create on my site then? It's just that there were over 5000 404's in July so far, which is why I was concerned.
      Helen
      www.postapresent.co.uk
      Gifts by Post & Giftwrapping Service


        #4
        They search for known vulnerabilities or to check what servers / system you are running so they can target and launch specific attacks. Your host should have all the latest patches in place - ask them if they have.


        Bikster
        SellerDeck Designs and Responsive Themes


          #5
          Originally posted by Bonjour:
          "there were over 5000 404's in July so far"
          All these are automated scripts - they attack 1000's of sites per second looking for a back door


          Bikster
          SellerDeck Designs and Responsive Themes


            #6
            I'm not an expert in this area, but these look like typical vulnerability checkers trying to find a hole in your site.

            The extra traffic in this area probably just suggests that your site has become a target.

            The advice about ensuring you're not vulnerable to worms and cross scripting issues is probably spot on. Make sure you have the latest version of Actinic installed. (8.5.3 in V8).

            Mike
            -----------------------------------------

            First Tackle - Fly Fishing and Game Angling

            -----------------------------------------


              #7
              Okay thanks, so hopefully if they've tried so many times they haven't got in!

              I am on the up to date version of Actinic and I regularly scan my pc for malware, viruses etc and do a pc clean too, so I guess there's not a lot else I can do. It's scary stuff isn't it?
              Helen
              www.postapresent.co.uk
              Gifts by Post & Giftwrapping Service


                #8
                Yes, it can be scary, but one of the nice things about Actinic is that if your website does get trashed you can just delete everything on the server and do a site refresh.

                Just make sure you back up any important stuff on your PC regularly in case of PC problems.

                Mike
                -----------------------------------------

                First Tackle - Fly Fishing and Game Angling

                -----------------------------------------


                  #9
                  Yeah this is just script kiddies attempting to scan your server, nothing to worry about so long as everything is up to date and your hosting provider has applied the latest updates.

                  You will get a lot of 404 errors or 500 errors, even possibly some 504's too, but these are just scripts scanning for known security issues in an attempt to take control of the server. It's all normal for a public machine.

                  I run apt-get update; apt-get upgrade on my servers every day to ensure they have the latest updates when available. But then again I am lucky enough to administrate my own servers so I can be sure of their security.
                  Regards,
                  Simon Dann Ba Hons, MA.

                  "The markings of a great platform is it not forcing its users to hack around it, but to progress logically through it" - Anon

                  Comment
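
The triage the replies describe, as an added example that is not part of any post: it separates scanner probes that found nothing from probes the server actually answered and from ordinary broken-link 404s. It assumes an Apache-style combined access log; the sample lines, the `triage` function and the other names are constructed for illustration.

```python
import re
from collections import Counter

# Fragments taken from the URLs quoted in the first post of the thread.
PROBE_MARKERS = ("Xx<XaXaXXaXaX>xX", "/msadc/", "/iisadmpwd/",
                 "/pccsmysqladm/", "/horde/")

# Assumed combined log format. The request field may hold backslash-escaped
# quotes, which is how the \" in the thread's URLs would appear in a raw log.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) ')

# Constructed sample log (documentation IP ranges), not data from the thread.
SAMPLE_LOG = r'''
203.0.113.7 - - [12/Jul/2010:03:14:01 +0100] "GET /msadc/msadcs.dll HTTP/1.0" 404 209
203.0.113.7 - - [12/Jul/2010:03:14:02 +0100] "GET /iisadmpwd/aexp2.htr HTTP/1.0" 404 209
203.0.113.7 - - [12/Jul/2010:03:14:03 +0100] "GET /cgi-\"Xx<XaXaXXaXaX>xX/ca000001.pl HTTP/1.0" 404 209
198.51.100.23 - - [12/Jul/2010:04:02:10 +0100] "GET /horde/services/help/ HTTP/1.1" 200 5120
192.0.2.50 - - [12/Jul/2010:09:30:00 +0100] "GET /old-page.html HTTP/1.1" 404 209
192.0.2.50 - - [12/Jul/2010:09:30:05 +0100] "GET /index.html HTTP/1.1" 200 8000
'''

def triage(log_text):
    """Split requests into probe noise, answered probes, and other 404s."""
    noise, answered, other_404 = Counter(), [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or unparseable line
        parts = m["req"].split(" ")
        path = parts[1] if len(parts) >= 2 else m["req"]
        status = int(m["status"])
        is_probe = any(mk.lower() in path.lower() for mk in PROBE_MARKERS)
        if is_probe and status < 400:
            answered.append((m["ip"], path, status))  # path exists: check it
        elif is_probe:
            noise[m["ip"]] += 1       # scanner asked, server had nothing
        elif status == 404:
            other_404[path] += 1      # more likely a genuine broken link
    return noise, answered, other_404

if __name__ == "__main__":
    noise, answered, other_404 = triage(SAMPLE_LOG)
    print("probes that found nothing, per client:", dict(noise))
    print("probes the server answered (investigate):", answered)
    print("other 404s (possible broken links):", dict(other_404))
```

An entry in the second list means a probed path exists on the server and returned content, which is the case worth raising with the host; the first list is the background noise the replies describe.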
