Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

help strange goings on

Status
Not open for further replies.
kiwix

kiwix

IS-IT--Management
Oct 14, 2003
7
GB
Hi i am a new bie here and don't know if this is right forum but here goes.

I have a strange security issue. I run xp pro(all latest patches) Norton Internet security, NAV

I am connected permanently to the net via adsl connection and sometimes when i check my task manager situation i see dllhost.exe being run by something called IWAM_R user.

subsequent searches on google reveal nothing for this. Has anyone come across this before, what does it mean and what if anything do i do about it.

Also i recently had an attack details below
: Attempted Intrusion "URL_Directory_Traversal" from your machine against was detected and blocked
Intruder: localhost(2484)
Risk Level: High
Protocol: TCP
Attacked IP: Attacked Port: http(80)

now i have never been near this starletsdatabase.com let alone havea clue what URL_Directory_traversla is, can anyone help.
 
Sort by date Sort by votes
yes i am running iis, but again another strange one there. although iis is running and my web site is able to be accessed via the web, i no longer have any localhost. whenever i try to view a local web site on my machine i get no website configured at this address. Which is not the case as they all used to work like a charm.
 
Upvote 0 Downvote
yes i think so, i am not sure really after i had connected to the web the site that was set as default on my iis started dispaying when i typed in my static ip

but that number does ring a bell and i have seen it

sorry dont really understand all this stuff
 
Upvote 0 Downvote
"localhost" always refers to the machine you are on ("local host". Get it?). By definition under TCP/IP, "localhost" has an address of 127.0.0.1.

This is on all machines. If your web server has a web site set up on localhost and you point a browser to from a workstation, you aren't pointing to the web server -- you are pointing to your local machine.

So the next question is: Are you acutally working on the web server machine when you point a browser to
Want the best answers? Ask the best questions: TANSTAAFL!!
 
Upvote 0 Downvote
yeh of course. before all this stuff started hapopening i have been working for months using iis as my localhost to test web sites on my machine before they go live on another server.

i understand the localhost part. But now i cannot access any web sites on local host at all. if i put in all i get is 'no web site configured at this address' when i know there is .

to do with the security report and URL_direction thingy from above the web site that was associated with the Security message is not mine, not on my machine, i have never even visited it.

as for the IWAM_R user & dllhost.exe i have no idea. I thought perhaps it was the blaster virus or a worm. but every virus scan i run using latest definaitions comes up negative. I have even run the win xp patch again and the specific fix blast tool from symantec.
 
Upvote 0 Downvote
Upvote 0 Downvote
IE i assume is Internet explorer
IIE i assume you meant iis and answer to that is yes
 
Upvote 0 Downvote
For the dllhost thing: Get ad-aware from lavasoftusa.com it will find and remove it for you (and probably a load of other stuff too)

hth

Ben

----------------------------------------------
Ben O'Hara

"Where are all the stupid people from...
...And how'd they get so dumb?"
NoFX-The Decline
----------------------------------------------
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
Help Please, Trying to Convince Company Mixing Personal and Corporate Email is Bad Practice
Replies
9
Views
570
DrB0b
DrB0b
gale winds
  • Locked
  • Question
Disputing call volume on hack
Replies
0
Views
260
gale winds
gale winds
gale winds
  • Locked
  • Question
Call Volumes on PBX hack seem impossible
Replies
0
Views
234
gale winds
gale winds
nakbrooks
  • Locked
  • Question
Configuring NAT on SonicWall TZ210 to access ADSL router from LAN
Replies
0
Views
113
nakbrooks
nakbrooks
shahinmirzaei
  • Locked
  • Question
Need Help in Decryption
Replies
0
Views
66
shahinmirzaei
shahinmirzaei

Part and Inventory Search

Sponsor

Back
Top