Strange data in logs of my website. Can anybody give advice?
Hi,
I have administered my site on my own for just half a year, so I still have lots of questions. Can anybody give me advice? Today I found the following data in my logs:
212.86.234.81 - - [16/Sep/2004:13:34:22 +0000] "GET /mmssetup.exe HTTP/1.0" 200 1002072 "http://www.mysite.com/mmssetup.exe" "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)"
212.86.234.81 - - [16/Sep/2004:13:34:36 +0000] "GET /msnaddin.exe HTTP/1.0" 200 60526 "http://www.mysite.com/msnaddin.exe" "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)"
I never had such .EXE files on my ftp. Can they corrupt my website? Steal or copy data from the site?
As I checked through Google, both files should be non-threatening. Just what could they do on MY ftp? Especially if the IP was from a country in the middle of nowhere - Ukraine?
And there was data in RIPE:
inetnum: 212.86.234.80 - 212.86.234.95
netname: COMPINTSERVICE
descr: Computer Inter Service,
descr: Kiev,
country: UA
admin-c: SP9360-RIPE
tech-c: SP9360-RIPE
status: ASSIGNED PA
notify: [email protected]
mnt-by: AS6703-MNT
changed: [email protected] 20010523
source: RIPE
route: 212.86.224.0/19
descr: ALKAR
origin: AS6703
mnt-by: AS6703-MNT
changed: [email protected] 20000526
source: RIPE
person: Sergey Ponomarenko
address: Kiev, Ukraine
phone: +380 44 2964381
fax-no: +380 44 2964381
e-mail: [email protected]
nic-hdl: SP9360-RIPE
notify: [email protected]
changed: [email protected] 20010523
source: RIPE
I will be glad if anybody can explain to me what it all means...
Regards,
Spaniard
Busy posted this at 22:18 — 16th September 2004.
He has: 6,151 posts
Joined: May 2001
You will always get people hunting for holes in your site's server; the most common is the formmail calls. One of my sites gets about 30 formmail requests a week (formmail, formail, form-mail .... and I don't use any 3rd party scripts).
If you don't have the .exe on your site, don't worry about it; it's just someone sniffing around the net looking for a hole. Most are looking for ways to send out spam, or hack your site.
9 out of 10 times the IP given in your logs is a proxy (not their real IP), so tracking and complaining is more often than not a waste of time.
You can make up a txt file report and add the line of code to it when you get them, order by IP, and if you get, say, more than 5 requests for bad stuff from one IP (match 100%, not just the first 3 groups of numbers), block them from your site via htaccess.
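The tally-and-block routine described in the post above, sketched in Python as an added example that is not part of the original thread. The probe patterns, the constructed sample lines (documentation-range IPs) and the Apache 2.4 `Require not ip` output are assumptions; the script also lists probes answered with status 200, as in the log lines quoted in the first post, because that status means the server returned a body for the requested path.

```python
import re
from collections import Counter

# Apache combined log: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')
# Assumed "bad stuff": .exe fetches and formmail/formail/form-mail script names
PROBE_RE = re.compile(r'\.exe$|form-?m?ail', re.IGNORECASE)
THRESHOLD = 5  # block an IP once it has made more than this many probes

def scan(lines):
    """Return (probe count per exact IP, probes the server answered with 200)."""
    counts, served = Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not PROBE_RE.search(m["path"].split("?", 1)[0]):
            continue  # unparsable line or ordinary request
        counts[m["ip"]] += 1
        if m["status"] == "200":  # a body was returned: check what was served
            served.append((m["ip"], m["path"], m["size"]))
    return counts, served

def htaccess_block(counts, threshold=THRESHOLD):
    """Apache 2.4 .htaccess rules denying each full IP above the threshold."""
    ips = sorted(ip for ip, n in counts.items() if n > threshold)
    if not ips:
        return ""
    rules = ["<RequireAll>", "    Require all granted"]
    rules += [f"    Require not ip {ip}" for ip in ips]
    return "\n".join(rules + ["</RequireAll>"])

def _line(ip, path, status, size):  # builds one constructed log line
    return (f'{ip} - - [16/Sep/2004:13:34:22 +0000] "GET {path} HTTP/1.0" '
            f'{status} {size} "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)"')
# Constructed sample data (documentation-range IPs), not taken from real logs
SAMPLE = ([_line("203.0.113.7", p, 404, 209) for p in (
              "/formmail.pl", "/formail.pl", "/form-mail.cgi",
              "/cgi-bin/formmail.pl", "/cgi-bin/FormMail.cgi", "/msnaddin.exe")]
          + [_line("203.0.113.70", "/formmail.pl", 404, 209)] * 2
          + [_line("198.51.100.9", "/mmssetup.exe", 200, 1002072),
             _line("198.51.100.9", "/index.html", 200, 5120)])

if __name__ == "__main__":
    counts, served = scan(SAMPLE)
    for ip, n in counts.most_common():
        print(f"{n:3d} probe request(s) from {ip}")
    for ip, path, size in served:
        print(f"served with 200: {path} ({size} bytes) to {ip}")
    print(htaccess_block(counts))
```

In the sample, 203.0.113.70 shares its first three groups with the blocked address but stays below the threshold on its own count, so it is not blocked.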
spaniard posted this at 16:54 — 17th September 2004.
They have: 3 posts
Joined: Sep 2004
Thank you, Busy
I definitely will try with the htaccess file. It sounds like a good treatment against a muppets invasion.
Tnx,
Spaniard