Got hacked?

Status
Not open for further replies.

mccake

Programmer
Jul 4, 2002
5
CA
I saw some binary data in my access.log and error.log.
Did someone hack my Apache server?
 
The files are huge. Maybe I can put some lines here when I'm home. I've already updated my Apache to the latest 1.3.26 (Win32). Will it be my CGI and PHP settings that lead to this?
 
I'm thinking it is possible that those computers which got Nimda are scanning my Apache, and my Apache crashes and puts the memory dump in the error.log, since I saw some of the names of my processes in there.
 
Here is some of my access.log
Seems like my file system information is exposed in the access log??

66.65.114.115 - - [07/Jul/2002:22:13:55 -0700] "GET /phpBB/getimage.php?id=1306 HTTP/1.1" 200 68963
66.65.114.115 - - [07/Jul/2002:22:13:56 -0700] "GET /phpBB/getimage.php?id=1307 HTTP/1.1" 200 69690
\ S Y S T E M V O L U M E I N F O R M A T I O N \ _ R E S T O R E { 2 E 7 C A D 0 2 - 3 A 5 3 - 4 B 2 E - 9 6 8 3 - 2 E 5 5 1 1 F 3 A 4 1 3 } \ R P 1 1 8 \ C H A N G E . L O G

C : \ P R O G R A M F I L E S \ C O M M O N F I L E S \ S Y M A N T E C S H A R E D \ V I R U S D E F S \ 2 0 0 2 0 2 0 7 . 0 3 5 \ V I R S C A N 1 . D A T

C : \ P R O G R A M F I L E S \ C O M M O N F I L E S \ S Y M A N T E C S H A R E D \ V I R U S D E F S \ 2 0 0 2 0 2 0 7 . 0 3 5 \ V I R S C A N 4 . D A T

C : \ P R O G R A M F I L E S \ C O M M O N F I L E S \ S Y M A N T E C S H A R E D \ V I R U S D E F S \ 2 0 0 2 0 2 0 7 . 0 3 5 \ V I R S C A N 2 . D A T

C : \ P R O G R A M F I L E S \ C O M M O N F I L E S \ S Y M A N T E C S H A R E D \ V I R U S D E F S \ 2 0 0 2 0 2 0 7 . 0 3 5 \ N A V E X 3 2 A . D L L

C : \ P R O G R A M F I L E S \ C O M M O N F I L E S \ S Y M A N T E C S H A R E D \ V I R U S D E F S \ 2 0 0 2 0 2 0 7 . 0 3 5 \ N A V E N G 3 2 . D L L

C : \ P R O G R A M F I L E S \ C O M M O N F I L E S \ S Y M A N T E C S H A R E D \ V I R U S D E F S \ 2 0 0 2 0 2 0 7 . 0 3 5 \ T S C A N 1 H D . D A T

C : \ P R O G R A M F I L E S \ C O M M O N F I L E S \ S Y M A N T E C S H A R E D \ V I R U S D E F S \ 2 0 0 2 0 2 0 7 . 0 3 5 \ T S C A N 1 . D A T

C : \ P R O G R A M F I L E S \ C O M M O N F I L E S \ S Y M A N T E C S H A R E D \ V I R U S D E F S \ 2 0 0 2 0 2 0 7 . 0 3 5 \ V I R S C A N 5 . D A T

C : \ P R O G R A M F I L E S \ C O M M O N F I L E S \ S Y M A N T E C S H A R E D \ V I R U S D E F S \ 2 0 0 2 0 2 0 7 . 0 3 5 \ V I R S C A N 8 . D A T

C : \ P R O G R A M F I L E S \ C O M M O N F I L E S \ S Y M A N T E C S H A R E D \ V I R U S D E F S \ 2 0 0 2 0 2 0 7 . 0 3 5 \ V I R S C A N 6 . D A T

C : \ P R O G R A M F I L E S \ C O M M O N F I L E S \ S Y M A N T E C S H A R E D \ V I R U S D E F S \ 2 0 0 2 0 2 0 7 . 0 3 5 \ V I R S C A N 7 . D A T

C : \ P R O G R A M F I L E S \ C O M M O N F I L E S \ S Y M A N T E C S H A R E D \ V I R U S D E F S \ 2 0 0 2 0 2 0 7 . 0 3 5 \ V I R S C A N 9 . D A T

C : \ S Y S T E M V O L U M E I N F O R M A T I O N \ _ R E S T O R E { 2 E 7 C A D 0 2 - 3 A 5 3 - 4 B 2 E - 9 6 8 3 - 2 E 5 5 1 1 F 3 A 4 1 3 } \ R P 1 1 8 \ R P . L O G

C : \ W I N D O W S \ S Y S T E M 3 2 \ R A S D L G . D L L

C : \ W I N D O W S \ S Y S T E M 3 2 \ P R I N T U I . D L L

C : \ W I N D O W S \ S Y S T E M 3 2 \ A M S L I B . D L L

C : \ W I N D O W S \ S Y S T E M 3 2 \ L O C 3 2 V C 0 . D L L

C : \ W I N D O W S \ S Y S T E M 3 2 \ M S G S Y S . E X E

C : \ D O C U M E N T S A N D S E T T I N G S \ A L L U S E R S \ A P P L I C A T I O N D A T A \ S Y M A N T E C \ N O R T O N A N T I V I R U S C O R P O R A T E E D I T I O N \ 7 . 5 \ L O G S \ 0 2 1 5 2 0 0 2 . L O G

C : \ S Y S T E M V O L U M E I N F O R M A T I O N \ _ R E S T O R E { 2 E 7 C A D 0 2 - 3 A 5 3 - 4 B 2 E - 9 6 8 3 - 2 E 5 5 1 1 F 3 A 4 1 3 } \ R P 1 1 7 \ C H A N G E . L O G

C : \ S Y S T E M V O L U M E I N F O R M A T I O N \ _ R E S T O R E { 2 E 7 C A D 0 2 - 3 A 5 3 - 4 B 2 E - 9 6 8 3 - 2 E 5 5 1 1 F 3 A 4 1 3 } \ R P 1 1 7 \ R P . L O G

C : \ W I N D O W S \ S Y S T E M 3 2 \ C M D . E X E
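
A triage check for the symptom described in the post, added here as an example and not part of the original thread: it separates well-formed Common Log Format entries from foreign data and decodes any text stored as UTF-16LE. That encoding is an assumption about why the stray paths appear with a gap after every character; the sample log, function names and file path are constructed.

```python
import re

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(rb'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} (?:\d+|-)$')
# A genuine entry written by the logger is expected to be printable ASCII only.
PRINTABLE = re.compile(rb'^[\x20-\x7e]*$')
# Run of 4+ printable ASCII characters, each followed by a NUL byte,
# i.e. text stored as UTF-16LE (assumed encoding of the stray paths).
WIDE = re.compile(rb'(?:[\x20-\x7e]\x00){4,}')


def triage(raw: bytes):
    """Split raw log bytes into (well-formed, foreign) lists of (line_no, line)."""
    good, bad = [], []
    for n, line in enumerate(raw.split(b'\n'), 1):
        line = line.rstrip(b'\r')
        if not line:
            continue
        ok = PRINTABLE.match(line) and CLF.match(line)
        (good if ok else bad).append((n, line))
    return good, bad


def wide_strings(raw: bytes):
    """Return every UTF-16LE string embedded anywhere in the raw bytes."""
    return [m.group().decode('utf-16-le') for m in WIDE.finditer(raw)]


# Constructed sample: two normal entries with a UTF-16LE path between them.
SAMPLE = (
    b'192.0.2.10 - - [07/Jul/2002:22:13:55 -0700] '
    b'"GET /index.html HTTP/1.1" 200 1043\n'
    + 'C:\\WINDOWS\\SYSTEM32\\EXAMPLE.DLL'.encode('utf-16-le') + b'\n'
    + b'192.0.2.10 - - [07/Jul/2002:22:13:56 -0700] '
    b'"GET /a.php?id=1 HTTP/1.1" 200 -\n'
)

if __name__ == '__main__':
    good, bad = triage(SAMPLE)
    print(f'{len(good)} well-formed entries, {len(bad)} foreign lines')
    for n, line in bad:
        print(f'  line {n}: {len(line)} bytes, first bytes {line[:16]!r}')
    for s in wide_strings(SAMPLE):
        print('  embedded wide string:', s)
```

Read the log in binary mode (`open(path, 'rb').read()`) before passing it in, so that NUL bytes survive; the line numbers of the foreign data bracket the time window to compare against error.log and the file's modification history.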
 